11241100x80000000000000006953038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f51474978c4a17a2022-01-05 10:00:39.209root 11241100x80000000000000006953039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9acf7793c9ae002022-01-05 10:00:39.210root 11241100x80000000000000006953040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3686354038cf7ccb2022-01-05 10:00:39.210root 11241100x80000000000000006953041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30eb96321385e882022-01-05 10:00:39.210root 11241100x80000000000000006953042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c48c3a8eb37e35c2022-01-05 10:00:39.210root 11241100x80000000000000006953043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515d0b8dcbf628cb2022-01-05 10:00:39.210root 11241100x80000000000000006953044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3653550f8d92952022-01-05 10:00:39.210root 11241100x80000000000000006953045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e756f396a70da702022-01-05 10:00:39.210root 11241100x80000000000000006953046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74702e5ffa87c3df2022-01-05 10:00:39.210root 11241100x80000000000000006953047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d578d1abd1378902022-01-05 10:00:39.210root 11241100x80000000000000006953048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5195b6f977b453d32022-01-05 10:00:39.210root 11241100x80000000000000006953049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f58dfa4855bcb462022-01-05 10:00:39.210root 11241100x80000000000000006953050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd55b2a3f606b0b2022-01-05 10:00:39.210root 11241100x80000000000000006953051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39d62ac9bdb8bc42022-01-05 10:00:39.210root 11241100x80000000000000006953052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8278a10b31c7442022-01-05 10:00:39.210root 11241100x80000000000000006953053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9938e245d03a7d7b2022-01-05 10:00:39.709root 11241100x80000000000000006953054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a847ce10ad33fd2022-01-05 10:00:39.710root 11241100x80000000000000006953055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1688f1a6b4626c932022-01-05 10:00:39.710root 11241100x80000000000000006953056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee9f19572dbcc242022-01-05 10:00:39.710root 11241100x80000000000000006953057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d054b8f7473eb882022-01-05 10:00:39.710root 11241100x80000000000000006953058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c08b467586a05262022-01-05 10:00:39.710root 11241100x80000000000000006953059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a50ed344f1acd472022-01-05 10:00:39.710root 11241100x80000000000000006953060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595cb167cd3f88622022-01-05 10:00:39.710root 11241100x80000000000000006953061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d83aaeb6a342212022-01-05 10:00:39.710root 11241100x80000000000000006953062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d7f7f0eb2ae6db2022-01-05 10:00:39.710root 11241100x80000000000000006953063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9eb1d3d048f6ff2022-01-05 10:00:39.710root 11241100x80000000000000006953064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e93c59bd65fb0b2022-01-05 10:00:39.710root 11241100x80000000000000006953065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1d13205acb27f32022-01-05 10:00:39.710root 11241100x80000000000000006953066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c51e4254c8f4f22022-01-05 10:00:39.710root 11241100x80000000000000006953067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ba16fc972405dc2022-01-05 10:00:39.710root 11241100x80000000000000006953068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec8c9fc146d68dc2022-01-05 10:00:40.209root 11241100x80000000000000006953069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd607981631caa42022-01-05 10:00:40.210root 11241100x80000000000000006953070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99613ff79b3d9322022-01-05 10:00:40.210root 11241100x80000000000000006953071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036450211547135b2022-01-05 10:00:40.210root 11241100x80000000000000006953072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4d2e00a6b1ed032022-01-05 10:00:40.210root 11241100x80000000000000006953073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d6fd7a09891da02022-01-05 10:00:40.210root 11241100x80000000000000006953074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1af3d77a92bc3a2022-01-05 10:00:40.210root 11241100x80000000000000006953075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82648dafd8def9fd2022-01-05 10:00:40.210root 11241100x80000000000000006953076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9681d2db2b134a3b2022-01-05 10:00:40.210root 11241100x80000000000000006953077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7aaaf14c9729342022-01-05 10:00:40.210root 11241100x80000000000000006953078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e02738cbb5cd9482022-01-05 10:00:40.210root 11241100x80000000000000006953079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b407e4e67db58252022-01-05 10:00:40.210root 11241100x80000000000000006953080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb69e368805e21d2022-01-05 10:00:40.210root 11241100x80000000000000006953081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720dd9c13066a8e52022-01-05 10:00:40.210root 11241100x80000000000000006953082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69e046393a7028a2022-01-05 10:00:40.210root 11241100x80000000000000006953083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bafe0d167ed1582022-01-05 10:00:40.709root 11241100x80000000000000006953084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f205dc6c179312c72022-01-05 10:00:40.710root 11241100x80000000000000006953085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64d529cf8a467e32022-01-05 10:00:40.710root 11241100x80000000000000006953086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728feb3d0a3f70bb2022-01-05 10:00:40.710root 11241100x80000000000000006953087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250ea3cc08c457732022-01-05 10:00:40.710root 11241100x80000000000000006953088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b67d7d31e601992022-01-05 10:00:40.710root 11241100x80000000000000006953089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06623cb82a0635352022-01-05 10:00:40.710root 11241100x80000000000000006953090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295c0bac8f4f668d2022-01-05 10:00:40.710root 11241100x80000000000000006953091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486424ba750f0d9a2022-01-05 10:00:40.710root 11241100x80000000000000006953092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7226eb547791d62022-01-05 10:00:40.710root 11241100x80000000000000006953093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fecdd6f4cb38dc2022-01-05 10:00:40.710root 11241100x80000000000000006953094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc606c13ae0964522022-01-05 10:00:40.710root 11241100x80000000000000006953095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb625f5aeacec072022-01-05 10:00:40.710root 11241100x80000000000000006953096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be06b8d2492d32f2022-01-05 10:00:40.710root 11241100x80000000000000006953097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5bdafbf44e9d162022-01-05 10:00:40.710root 11241100x80000000000000006953098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a16c35b4a7ee3982022-01-05 10:00:41.209root 11241100x80000000000000006953099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df560a4074ce193e2022-01-05 10:00:41.210root 11241100x80000000000000006953100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4dd235ef8eda442022-01-05 10:00:41.210root 11241100x80000000000000006953101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed0935f16f0af7c2022-01-05 10:00:41.210root 11241100x80000000000000006953102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea153ca573806712022-01-05 10:00:41.210root 11241100x80000000000000006953103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1857922deca1de8d2022-01-05 10:00:41.210root 11241100x80000000000000006953104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df46bb6f66368e682022-01-05 10:00:41.210root 11241100x80000000000000006953105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8da582fa58cb4382022-01-05 10:00:41.210root 11241100x80000000000000006953106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f06896817b79ed2022-01-05 10:00:41.210root 11241100x80000000000000006953107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67227c29a68c49d02022-01-05 10:00:41.210root 11241100x80000000000000006953108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd852c62f3f427662022-01-05 10:00:41.210root 11241100x80000000000000006953109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b041f6505bebd6082022-01-05 10:00:41.210root 11241100x80000000000000006953110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5143b1069de8f12022-01-05 10:00:41.210root 11241100x80000000000000006953111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91b42206283dd6f2022-01-05 10:00:41.210root 11241100x80000000000000006953112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c527cbb280ea4f5f2022-01-05 10:00:41.211root 11241100x80000000000000006953113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31df290b13013992022-01-05 10:00:41.709root 11241100x80000000000000006953114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2434ba5542c96bd72022-01-05 10:00:41.710root 11241100x80000000000000006953115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4626a28848043862022-01-05 10:00:41.710root 11241100x80000000000000006953116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96854e25a1a531ec2022-01-05 10:00:41.710root 11241100x80000000000000006953117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c25cb5731a8f0722022-01-05 10:00:41.710root 11241100x80000000000000006953118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06aa904634105ea92022-01-05 10:00:41.710root 11241100x80000000000000006953119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc08b46ee2e36282022-01-05 10:00:41.710root 11241100x80000000000000006953120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649d36415db8f17d2022-01-05 10:00:41.710root 11241100x80000000000000006953121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5979309c7b61c382022-01-05 10:00:41.710root 11241100x80000000000000006953122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc7f24cabdb040d2022-01-05 10:00:41.710root 11241100x80000000000000006953123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f996abfe1995a92022-01-05 10:00:41.710root 11241100x80000000000000006953124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4585cfd8371fef2022-01-05 10:00:41.710root 11241100x80000000000000006953125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0168014949ccb04d2022-01-05 10:00:41.710root 11241100x80000000000000006953126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f530f7d399d8660c2022-01-05 10:00:41.710root 11241100x80000000000000006953127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92578ba11481150a2022-01-05 10:00:41.711root 11241100x80000000000000006953128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc1f772b89fc6252022-01-05 10:00:42.210root 11241100x80000000000000006953129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea0457b186f69372022-01-05 10:00:42.210root 11241100x80000000000000006953130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fcf4bc66be1ab22022-01-05 10:00:42.210root 11241100x80000000000000006953131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5a2ad4c0b79cc52022-01-05 10:00:42.210root 11241100x80000000000000006953132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd22f94692d1c35d2022-01-05 10:00:42.210root 11241100x80000000000000006953133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496e5987d7816a572022-01-05 10:00:42.210root 11241100x80000000000000006953134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890c839e8a6f77e02022-01-05 10:00:42.210root 11241100x80000000000000006953135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f122f2516ea2c6ff2022-01-05 10:00:42.210root 11241100x80000000000000006953136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54b57ce129dab792022-01-05 10:00:42.210root 11241100x80000000000000006953137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4398df8b0504715e2022-01-05 10:00:42.210root 11241100x80000000000000006953138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72419ff702ec3a5a2022-01-05 10:00:42.210root 11241100x80000000000000006953139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce7a6bbcc8c12fb2022-01-05 10:00:42.210root 11241100x80000000000000006953140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96387c8f3e261d9f2022-01-05 10:00:42.210root 11241100x80000000000000006953141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b72e8a7991206fb2022-01-05 10:00:42.210root 11241100x80000000000000006953142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27deea84d413c0172022-01-05 10:00:42.211root 11241100x80000000000000006953143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6460695422db64222022-01-05 10:00:42.709root 11241100x80000000000000006953144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78938181f8ce4e6d2022-01-05 10:00:42.710root 11241100x80000000000000006953145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dedabb27616b76f2022-01-05 10:00:42.710root 11241100x80000000000000006953146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8731f356280bb0322022-01-05 10:00:42.710root 11241100x80000000000000006953147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3366b57c090718d12022-01-05 10:00:42.710root 11241100x80000000000000006953148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3e0f227632cc5c2022-01-05 10:00:42.710root 11241100x80000000000000006953149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacee56b0d3d2d252022-01-05 10:00:42.710root 11241100x80000000000000006953150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17aa40ed9afc5322022-01-05 10:00:42.710root 11241100x80000000000000006953151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb58b0a984c06ca42022-01-05 10:00:42.710root 11241100x80000000000000006953152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5601291b820e31002022-01-05 10:00:42.710root 11241100x80000000000000006953153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcad84faa98a7dfb2022-01-05 10:00:42.710root 11241100x80000000000000006953154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf035aded58ce0a72022-01-05 10:00:42.710root 11241100x80000000000000006953155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06394d0851aa96102022-01-05 10:00:42.710root 11241100x80000000000000006953156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba3fb703fa434732022-01-05 10:00:42.710root 11241100x80000000000000006953157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e4278ea7d738a82022-01-05 10:00:42.710root 11241100x80000000000000006953158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf94d704ae94397f2022-01-05 10:00:43.209root 11241100x80000000000000006953159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a291b9a41d6d2ce2022-01-05 10:00:43.210root 11241100x80000000000000006953160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1b1bfcb87756322022-01-05 10:00:43.210root 11241100x80000000000000006953161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99a378173eecc1c2022-01-05 10:00:43.210root 11241100x80000000000000006953162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a096be9449837fd2022-01-05 10:00:43.210root 11241100x80000000000000006953163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4b35b2f182b1a32022-01-05 10:00:43.210root 11241100x80000000000000006953164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595f1ebc46bb4fe42022-01-05 10:00:43.210root 11241100x80000000000000006953165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09703ec169fef3662022-01-05 10:00:43.210root 11241100x80000000000000006953166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf17d6e8f5473ede2022-01-05 10:00:43.210root 11241100x80000000000000006953167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9969d4d497436ad2022-01-05 10:00:43.210root 11241100x80000000000000006953168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f335cb7d0d8f2b2022-01-05 10:00:43.211root 11241100x80000000000000006953169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2ff353303c31552022-01-05 10:00:43.211root 11241100x80000000000000006953170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f9bc2a5685e0fa2022-01-05 10:00:43.211root 11241100x80000000000000006953171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e6a8161261965c2022-01-05 10:00:43.211root 11241100x80000000000000006953172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900ba1b12bde08022022-01-05 10:00:43.211root 11241100x80000000000000006953173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3b4533ca3aa03a2022-01-05 10:00:43.710root 11241100x80000000000000006953174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d442d32f9b231b2022-01-05 10:00:43.710root 11241100x80000000000000006953175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3f8bc3489d74232022-01-05 10:00:43.710root 11241100x80000000000000006953176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8053d3e5d673cf2022-01-05 10:00:43.710root 11241100x80000000000000006953177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2c912b066f03cb2022-01-05 10:00:43.711root 11241100x80000000000000006953178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d862571196a2c92022-01-05 10:00:43.711root 11241100x80000000000000006953179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1b199b1e7aec902022-01-05 10:00:43.711root 11241100x80000000000000006953180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9300eb99e41e702022-01-05 10:00:43.711root 11241100x80000000000000006953181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1bae30782157682022-01-05 10:00:43.711root 11241100x80000000000000006953182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0732d08e988b9eef2022-01-05 10:00:43.712root 11241100x80000000000000006953183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d3621ec1c53e932022-01-05 10:00:43.712root 11241100x80000000000000006953184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6560b09d3be9d4fa2022-01-05 10:00:43.712root 11241100x80000000000000006953185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eae986d03067ed12022-01-05 10:00:43.712root 11241100x80000000000000006953186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc43807c78d327b2022-01-05 10:00:43.712root 11241100x80000000000000006953187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fb3aab258107372022-01-05 10:00:43.712root 354300x80000000000000006953188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.125{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41668-false10.0.1.12-8000- 11241100x80000000000000006953189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.126{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c935703e6b00d52022-01-05 10:00:44.126root 11241100x80000000000000006953190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.126{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9df6059253182372022-01-05 10:00:44.126root 11241100x80000000000000006953191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.126{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb09f0be0b0036ac2022-01-05 10:00:44.126root 11241100x80000000000000006953192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.126{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f7381ed7171ef32022-01-05 10:00:44.126root 11241100x80000000000000006953193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.127{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac64cd6098931362022-01-05 10:00:44.127root 11241100x80000000000000006953194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.127{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad16edea517aba72022-01-05 10:00:44.127root 11241100x80000000000000006953195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.127{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27e7f155689c8302022-01-05 10:00:44.127root 11241100x80000000000000006953196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.127{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59c4c63f7f2efb02022-01-05 10:00:44.127root 11241100x80000000000000006953197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.128{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fdb08c758986662022-01-05 10:00:44.128root 11241100x80000000000000006953198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.128{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22460a820dfde042022-01-05 10:00:44.128root 11241100x80000000000000006953199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.128{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b4f423e9048b392022-01-05 10:00:44.128root 11241100x80000000000000006953200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.128{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f796d94bb3f0cbb2022-01-05 10:00:44.128root 11241100x80000000000000006953201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.128{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7146e047ec6438942022-01-05 10:00:44.128root 11241100x80000000000000006953202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.129{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655e51171e8803ac2022-01-05 10:00:44.129root 11241100x80000000000000006953203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.129{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ef802fb12478c72022-01-05 10:00:44.129root 11241100x80000000000000006953204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.129{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6cbb9a2aacd3fa2022-01-05 10:00:44.129root 11241100x80000000000000006953205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.129{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50df1902073d20a2022-01-05 10:00:44.129root 11241100x80000000000000006953206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.129{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fa0e12839e8aa12022-01-05 10:00:44.129root 11241100x80000000000000006953207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc71d9d29bb1a5b2022-01-05 10:00:44.459root 11241100x80000000000000006953208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9def6449475a862022-01-05 10:00:44.460root 11241100x80000000000000006953209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d18bf48bfcaf492022-01-05 10:00:44.460root 11241100x80000000000000006953210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab2a5033788fc632022-01-05 10:00:44.460root 11241100x80000000000000006953211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0926beb942cb6b72022-01-05 10:00:44.460root 11241100x80000000000000006953212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06365379fd7739fb2022-01-05 10:00:44.460root 11241100x80000000000000006953213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa79fcc511e0652c2022-01-05 10:00:44.460root 11241100x80000000000000006953214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f1b0a3ba99a2a32022-01-05 10:00:44.460root 11241100x80000000000000006953215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6e28bb51db78ae2022-01-05 10:00:44.460root 11241100x80000000000000006953216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80e8a1286c9747c2022-01-05 10:00:44.460root 11241100x80000000000000006953217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a671514b8cb9836f2022-01-05 10:00:44.460root 11241100x80000000000000006953218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077b787b83992c042022-01-05 10:00:44.461root 11241100x80000000000000006953219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9221b824bcba632022-01-05 10:00:44.461root 11241100x80000000000000006953220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cdb4783322407b2022-01-05 10:00:44.461root 11241100x80000000000000006953221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6b955fdfa5e4992022-01-05 10:00:44.461root 11241100x80000000000000006953222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdae37fc2a6ca6a42022-01-05 10:00:44.461root 11241100x80000000000000006953223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa329b9d49e1f502022-01-05 10:00:44.959root 11241100x80000000000000006953224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47063da92f7590a02022-01-05 10:00:44.960root 11241100x80000000000000006953225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a68e45fa5c50402022-01-05 10:00:44.960root 11241100x80000000000000006953226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34aa280f65dddd4e2022-01-05 10:00:44.960root 11241100x80000000000000006953227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947a3b815042696e2022-01-05 10:00:44.960root 11241100x80000000000000006953228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50405352506b27e62022-01-05 10:00:44.960root 11241100x80000000000000006953229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63417742c44666942022-01-05 10:00:44.960root 11241100x80000000000000006953230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20d24dea4e17c812022-01-05 10:00:44.960root 11241100x80000000000000006953231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e10394b3a656722022-01-05 10:00:44.960root 11241100x80000000000000006953232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445f909237053c542022-01-05 10:00:44.960root 11241100x80000000000000006953233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d507a55f5827f9e32022-01-05 10:00:44.960root 11241100x80000000000000006953234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbf3b32e23690ee2022-01-05 10:00:44.961root 11241100x80000000000000006953235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff07c3debc196032022-01-05 10:00:44.961root 11241100x80000000000000006953236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3a50b2521297282022-01-05 10:00:44.961root 11241100x80000000000000006953237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5613dc53aa7e7ea12022-01-05 10:00:44.961root 11241100x80000000000000006953238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8c73eb230e59512022-01-05 10:00:44.961root 11241100x80000000000000006953239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2ee1d8c19d036e2022-01-05 10:00:45.459root 11241100x80000000000000006953240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5dfd955c30d28f2022-01-05 10:00:45.460root 11241100x80000000000000006953241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033f3369592c2ff02022-01-05 10:00:45.460root 11241100x80000000000000006953242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1e1121a3eb7a4a2022-01-05 10:00:45.460root 11241100x80000000000000006953243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea3171973a3df4e2022-01-05 10:00:45.460root 11241100x80000000000000006953244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f67fbb9620aee82022-01-05 10:00:45.460root 11241100x80000000000000006953245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ee5b568c8ba31b2022-01-05 10:00:45.460root 11241100x80000000000000006953246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f79bf557bab4d922022-01-05 10:00:45.460root 11241100x80000000000000006953247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87bafa9f19b367a2022-01-05 10:00:45.460root 11241100x80000000000000006953248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bbfa6718f821452022-01-05 10:00:45.460root 11241100x80000000000000006953249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e544db4fe1884c582022-01-05 10:00:45.460root 11241100x80000000000000006953250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51946c93a389593b2022-01-05 10:00:45.460root 11241100x80000000000000006953251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8d39756ff93dad2022-01-05 10:00:45.460root 11241100x80000000000000006953252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fe0b6c4529a4d22022-01-05 10:00:45.460root 11241100x80000000000000006953253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed724386020880992022-01-05 10:00:45.460root 11241100x80000000000000006953254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f178cb9b50da5fee2022-01-05 10:00:45.460root 11241100x80000000000000006953255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a87a08d0f2991272022-01-05 10:00:45.959root 11241100x80000000000000006953256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f24e1b529f3ceb92022-01-05 10:00:45.960root 11241100x80000000000000006953257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9bec6878d875d42022-01-05 10:00:45.960root 11241100x80000000000000006953258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a913517a630cb8df2022-01-05 10:00:45.960root 11241100x80000000000000006953259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b177e73af394902022-01-05 10:00:45.960root 11241100x80000000000000006953260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf2a5baa53b1b392022-01-05 10:00:45.960root 11241100x80000000000000006953261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95296e3757980cbc2022-01-05 10:00:45.960root 11241100x80000000000000006953262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a31347a618306662022-01-05 10:00:45.960root 11241100x80000000000000006953263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a10c1db7bb449e2022-01-05 10:00:45.960root 11241100x80000000000000006953264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4831303d7acd73d2022-01-05 10:00:45.960root 11241100x80000000000000006953265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d0034b7526e54c2022-01-05 10:00:45.960root 11241100x80000000000000006953266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830e0258a77e852b2022-01-05 10:00:45.960root 11241100x80000000000000006953267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59519175d29b9b172022-01-05 10:00:45.960root 11241100x80000000000000006953268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f9b04f0cd299e52022-01-05 10:00:45.960root 11241100x80000000000000006953269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8801a376bd613be52022-01-05 10:00:45.960root 11241100x80000000000000006953270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9a558879d0424a2022-01-05 10:00:45.961root 154100x80000000000000006953271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.449{ec2e79f3-6c4e-61d5-6814-0b7545560000}23001/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000006953272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40910e327f916edf2022-01-05 10:00:46.451root 11241100x80000000000000006953273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e66445203380fbc2022-01-05 10:00:46.451root 11241100x80000000000000006953274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b6dc6e4e093d062022-01-05 10:00:46.451root 11241100x80000000000000006953275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af660c6e56aa086e2022-01-05 10:00:46.451root 11241100x80000000000000006953276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078306f6b33a4af62022-01-05 10:00:46.451root 11241100x80000000000000006953277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc75d9bb6e4248c22022-01-05 10:00:46.451root 11241100x80000000000000006953278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b38470a07ca4fc12022-01-05 10:00:46.451root 11241100x80000000000000006953279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969e3968415518aa2022-01-05 10:00:46.451root 11241100x80000000000000006953280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aa44a79632b5472022-01-05 10:00:46.451root 11241100x80000000000000006953281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7fc6347984a8bf2022-01-05 10:00:46.451root 11241100x80000000000000006953282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ee282a6d88eafc2022-01-05 10:00:46.451root 11241100x80000000000000006953283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9fa14fce47a82a2022-01-05 10:00:46.451root 11241100x80000000000000006953284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb472b5ee9ba0e72022-01-05 10:00:46.451root 11241100x80000000000000006953285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85cb13d9f8cd61b2022-01-05 10:00:46.451root 11241100x80000000000000006953286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8997e85e07d4199c2022-01-05 10:00:46.452root 11241100x80000000000000006953287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b965db8083a5b0e2022-01-05 10:00:46.452root 11241100x80000000000000006953288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54f20f53b73ff182022-01-05 10:00:46.452root 11241100x80000000000000006953289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb54943f8223f7232022-01-05 10:00:46.452root 11241100x80000000000000006953290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fef6f8007421ebe2022-01-05 10:00:46.452root 11241100x80000000000000006953291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b1ca0f68752b122022-01-05 10:00:46.452root 11241100x80000000000000006953292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60cb961acde13272022-01-05 10:00:46.452root 11241100x80000000000000006953293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21dedda2472e31f2022-01-05 10:00:46.452root 11241100x80000000000000006953294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d975ed5151b11c02022-01-05 10:00:46.452root 11241100x80000000000000006953295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4817506653e343e82022-01-05 10:00:46.452root 11241100x80000000000000006953296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c06ef1ff62d5fc62022-01-05 10:00:46.452root 11241100x80000000000000006953297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ed63c8773297e62022-01-05 10:00:46.452root 11241100x80000000000000006953298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9fdc94b047d94d2022-01-05 10:00:46.452root 11241100x80000000000000006953299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.453{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed162f712c5b1df2022-01-05 10:00:46.453root 11241100x80000000000000006953300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.453{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94080ce4a9b7140c2022-01-05 10:00:46.453root 11241100x80000000000000006953301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.453{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f491864e4d8239032022-01-05 10:00:46.453root 11241100x80000000000000006953302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.453{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7568e44bf81dd442022-01-05 10:00:46.453root 11241100x80000000000000006953303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.453{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779abacbbda9fd262022-01-05 10:00:46.453root 11241100x80000000000000006953304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.453{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609d39e12d5d24c52022-01-05 10:00:46.453root 11241100x80000000000000006953305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.453{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b57dd983742bf722022-01-05 10:00:46.453root 11241100x80000000000000006953306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.454{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bc76180e9045592022-01-05 10:00:46.454root 11241100x80000000000000006953307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.454{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7e0b01fc9c8b9f2022-01-05 10:00:46.454root 11241100x80000000000000006953308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.454{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187a13e1eefe64202022-01-05 10:00:46.454root 11241100x80000000000000006953309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.454{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5884f5ff160f1ce72022-01-05 10:00:46.454root 11241100x80000000000000006953310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.454{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4d569b029f5de22022-01-05 10:00:46.454root 11241100x80000000000000006953311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.454{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdff62ef2d6dcd92022-01-05 10:00:46.454root 11241100x80000000000000006953312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.454{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b694740c32785c12022-01-05 10:00:46.454root 11241100x80000000000000006953313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a92694ed3900ea2022-01-05 10:00:46.455root 11241100x80000000000000006953314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c068dc5b92514d92022-01-05 10:00:46.455root 11241100x80000000000000006953315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6b2cbcacb01dc42022-01-05 10:00:46.455root 11241100x80000000000000006953316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233b1b421a5d752b2022-01-05 10:00:46.455root 11241100x80000000000000006953317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9b4507f4fc27092022-01-05 10:00:46.455root 11241100x80000000000000006953318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d377f768162a98f12022-01-05 10:00:46.455root 11241100x80000000000000006953319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26acc0fafa1022522022-01-05 10:00:46.455root 11241100x80000000000000006953320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab0e313751faa6f2022-01-05 10:00:46.455root 534500x80000000000000006953321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.474{ec2e79f3-6c4e-61d5-6814-0b7545560000}23001/bin/psroot 11241100x80000000000000006953322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674e492bdcdb67b22022-01-05 10:00:46.709root 11241100x80000000000000006953323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a8eba24fa9293d2022-01-05 10:00:46.710root 11241100x80000000000000006953324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49119c6d1d255aa2022-01-05 10:00:46.710root 11241100x80000000000000006953325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f541a3fc047e002022-01-05 10:00:46.710root 11241100x80000000000000006953326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd20987054b6b422022-01-05 10:00:46.710root 11241100x80000000000000006953327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad51c7542e251c32022-01-05 10:00:46.710root 11241100x80000000000000006953328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cd629a95c8ac4a2022-01-05 10:00:46.710root 11241100x80000000000000006953329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580a77f0bad94f692022-01-05 10:00:46.710root 11241100x80000000000000006953330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921abb7a83b7b0692022-01-05 10:00:46.710root 11241100x80000000000000006953331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2970f7b835acad2022-01-05 10:00:46.710root 11241100x80000000000000006953332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75002e5453dffad92022-01-05 10:00:46.710root 11241100x80000000000000006953333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6f6ca332805b342022-01-05 10:00:46.710root 11241100x80000000000000006953334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468ecc2a8555f0642022-01-05 10:00:46.710root 11241100x80000000000000006953335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf6c520a30d91e12022-01-05 10:00:46.710root 11241100x80000000000000006953336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f2496ba06bc7e42022-01-05 10:00:46.710root 11241100x80000000000000006953337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60477f214b1ae2af2022-01-05 10:00:46.711root 11241100x80000000000000006953338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c68ee40a82fbcc2022-01-05 10:00:46.711root 11241100x80000000000000006953339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ddaf0919f925b02022-01-05 10:00:46.711root 11241100x80000000000000006953340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea17fd04d48bcfc2022-01-05 10:00:47.210root 11241100x80000000000000006953341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05456d5b13b0ac82022-01-05 10:00:47.210root 11241100x80000000000000006953342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e49065ab06565b2022-01-05 10:00:47.210root 11241100x80000000000000006953343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3561b37308f1296d2022-01-05 10:00:47.210root 11241100x80000000000000006953344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998af5a071cfd8c02022-01-05 10:00:47.210root 11241100x80000000000000006953345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9060ef0381cca72022-01-05 10:00:47.210root 11241100x80000000000000006953346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac015a9ed22d69d2022-01-05 10:00:47.210root 11241100x80000000000000006953347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b97328004d24b82022-01-05 10:00:47.210root 11241100x80000000000000006953348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eada77c328c9aa22022-01-05 10:00:47.210root 11241100x80000000000000006953349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c42f4642a6f7b022022-01-05 10:00:47.210root 11241100x80000000000000006953350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d89ef00d3ec9b72022-01-05 10:00:47.211root 11241100x80000000000000006953351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf796dbbf5233222022-01-05 10:00:47.211root 11241100x80000000000000006953352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db8191665cc66182022-01-05 10:00:47.211root 11241100x80000000000000006953353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c0d71d77bc9ada2022-01-05 10:00:47.211root 11241100x80000000000000006953354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d19852b7dee255b2022-01-05 10:00:47.211root 11241100x80000000000000006953355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fb8aaba83056292022-01-05 10:00:47.211root 11241100x80000000000000006953356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599c34fa40c525fb2022-01-05 10:00:47.211root 11241100x80000000000000006953357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bb2c5e3786bf272022-01-05 10:00:47.211root 11241100x80000000000000006953358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469ce8c6463ef7962022-01-05 10:00:47.710root 11241100x80000000000000006953359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3e7a99de69b8922022-01-05 10:00:47.710root 11241100x80000000000000006953360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf67b63d23af5d72022-01-05 10:00:47.710root 11241100x80000000000000006953361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e459c7a41b742f2022-01-05 10:00:47.710root 11241100x80000000000000006953362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa22215313bfdd9b2022-01-05 10:00:47.710root 11241100x80000000000000006953363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e7a1f778c6864f2022-01-05 10:00:47.710root 11241100x80000000000000006953364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a3a4c997af8f712022-01-05 10:00:47.710root 11241100x80000000000000006953365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2980459670ce397b2022-01-05 10:00:47.710root 11241100x80000000000000006953366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8936b726a5204d2022-01-05 10:00:47.710root 11241100x80000000000000006953367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f0a9b2e267c6402022-01-05 10:00:47.710root 11241100x80000000000000006953368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e507800c8f6d632022-01-05 10:00:47.710root 11241100x80000000000000006953369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd6c1dbbcfbfa0d2022-01-05 10:00:47.710root 11241100x80000000000000006953370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d5293d607131d02022-01-05 10:00:47.710root 11241100x80000000000000006953371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9af9ecaae6f5582022-01-05 10:00:47.711root 11241100x80000000000000006953372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af36713ef212fda2022-01-05 10:00:47.711root 11241100x80000000000000006953373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f36dc86b99e1072022-01-05 10:00:47.711root 11241100x80000000000000006953374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbb0466cce09dc42022-01-05 10:00:47.711root 11241100x80000000000000006953375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caea36ebbd3b18d2022-01-05 10:00:47.711root 11241100x80000000000000006953376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6b437a8138075e2022-01-05 10:00:48.209root 11241100x80000000000000006953377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ac5dce3635bbc22022-01-05 10:00:48.209root 11241100x80000000000000006953378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7c2349d5a2492c2022-01-05 10:00:48.210root 11241100x80000000000000006953379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c36902c452b2d382022-01-05 10:00:48.210root 11241100x80000000000000006953380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c93b44234658aaf2022-01-05 10:00:48.210root 11241100x80000000000000006953381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bb03abf7be95be2022-01-05 10:00:48.210root 11241100x80000000000000006953382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34887280183f9de52022-01-05 10:00:48.210root 11241100x80000000000000006953383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29daa44dc4342e332022-01-05 10:00:48.210root 11241100x80000000000000006953384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1a40afed319d2d2022-01-05 10:00:48.210root 11241100x80000000000000006953385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1337b5f722e43582022-01-05 10:00:48.210root 11241100x80000000000000006953386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4760aea56ec16f12022-01-05 10:00:48.210root 11241100x80000000000000006953387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0f5680c55bca8f2022-01-05 10:00:48.211root 11241100x80000000000000006953388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5039c281165992b2022-01-05 10:00:48.211root 11241100x80000000000000006953389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9fea66132b475f2022-01-05 10:00:48.211root 11241100x80000000000000006953390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09d3d13bad87d422022-01-05 10:00:48.211root 11241100x80000000000000006953391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e29cebae3937a62022-01-05 10:00:48.211root 11241100x80000000000000006953392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9b47c9820e33152022-01-05 10:00:48.211root 11241100x80000000000000006953393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a02b4325f2793722022-01-05 10:00:48.211root 11241100x80000000000000006953394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bbb373d39d4fd02022-01-05 10:00:48.709root 11241100x80000000000000006953395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5035fe924986a3c22022-01-05 10:00:48.709root 11241100x80000000000000006953396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ddf9fe096b506f2022-01-05 10:00:48.709root 11241100x80000000000000006953397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d06ec1fe3348022022-01-05 10:00:48.709root 11241100x80000000000000006953398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008c3e1e8e8cdbcc2022-01-05 10:00:48.709root 11241100x80000000000000006953399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766491ab398b16482022-01-05 10:00:48.709root 11241100x80000000000000006953400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07e738aa99bc8092022-01-05 10:00:48.709root 11241100x80000000000000006953401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99de85e0cdcc2c22022-01-05 10:00:48.710root 11241100x80000000000000006953402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2fb48a235b1aad2022-01-05 10:00:48.710root 11241100x80000000000000006953403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae4321f285882bf2022-01-05 10:00:48.710root 11241100x80000000000000006953404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59304bbb05be6d8e2022-01-05 10:00:48.710root 11241100x80000000000000006953405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c03eb535d3927d02022-01-05 10:00:48.710root 11241100x80000000000000006953406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cd9d184309fbcf2022-01-05 10:00:48.710root 11241100x80000000000000006953407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5945fd0cb1206022022-01-05 10:00:48.710root 11241100x80000000000000006953408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769dfe4bf799a4982022-01-05 10:00:48.710root 11241100x80000000000000006953409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc4de8429ba4c4e2022-01-05 10:00:48.710root 11241100x80000000000000006953410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9e1614bcdd1b462022-01-05 10:00:48.710root 11241100x80000000000000006953411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acf3dd16f17f2332022-01-05 10:00:48.710root 11241100x80000000000000006953412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803249f1d20c52dd2022-01-05 10:00:48.710root 11241100x80000000000000006953413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072ef068c70a84852022-01-05 10:00:48.710root 11241100x80000000000000006953414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697d934830d8b2232022-01-05 10:00:48.710root 11241100x80000000000000006953415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab32e4866aa31d992022-01-05 10:00:48.710root 11241100x80000000000000006953416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8edc52e80742bdc2022-01-05 10:00:48.710root 11241100x80000000000000006953417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254677f735e404bb2022-01-05 10:00:48.710root 11241100x80000000000000006953418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b4abe7ae008d3c2022-01-05 10:00:48.711root 11241100x80000000000000006953419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfbc451ef1bd0a92022-01-05 10:00:48.711root 11241100x80000000000000006953420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe78b64c2e701cbd2022-01-05 10:00:48.711root 11241100x80000000000000006953421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf9815564e36d2f2022-01-05 10:00:48.711root 11241100x80000000000000006953422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa4e6c12ab0c1d52022-01-05 10:00:48.711root 11241100x80000000000000006953423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e23c3709d708272022-01-05 10:00:48.711root 11241100x80000000000000006953424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49719603e7db6192022-01-05 10:00:48.711root 11241100x80000000000000006953425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a769c307e3a21e92022-01-05 10:00:48.711root 11241100x80000000000000006953426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970cad1e646c471b2022-01-05 10:00:48.711root 11241100x80000000000000006953427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98afb37d99fcbff62022-01-05 10:00:48.711root 11241100x80000000000000006953428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16b2b710bb61b5f2022-01-05 10:00:48.711root 11241100x80000000000000006953429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32165ef63fcf40992022-01-05 10:00:48.711root 11241100x80000000000000006953430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f241ada16ef4ba2022-01-05 10:00:48.711root 11241100x80000000000000006953431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad6e9ee5db8e03b2022-01-05 10:00:48.711root 11241100x80000000000000006953432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276970d55362c01b2022-01-05 10:00:48.712root 11241100x80000000000000006953433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a215a96033701912022-01-05 10:00:48.712root 11241100x80000000000000006953434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e439aa9d73b66712022-01-05 10:00:48.712root 11241100x80000000000000006953435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178f32a47c9c36432022-01-05 10:00:49.209root 11241100x80000000000000006953436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1527086536762eb92022-01-05 10:00:49.209root 11241100x80000000000000006953437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a665b9808fb3e932022-01-05 10:00:49.209root 11241100x80000000000000006953438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79701518c43e33e32022-01-05 10:00:49.209root 11241100x80000000000000006953439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590f923c845c9d892022-01-05 10:00:49.209root 11241100x80000000000000006953440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193e569c607a48402022-01-05 10:00:49.209root 11241100x80000000000000006953441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca385ed7ca2dc9262022-01-05 10:00:49.210root 11241100x80000000000000006953442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d518bc225e59adc2022-01-05 10:00:49.210root 11241100x80000000000000006953443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710c6a3c89cafa1b2022-01-05 10:00:49.210root 11241100x80000000000000006953444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef0a8ceb65f39002022-01-05 10:00:49.210root 11241100x80000000000000006953445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5e8041cf28ab402022-01-05 10:00:49.210root 11241100x80000000000000006953446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e703c6e5cff337992022-01-05 10:00:49.210root 11241100x80000000000000006953447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47b179cee91ffeb2022-01-05 10:00:49.210root 11241100x80000000000000006953448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f1859a50e5ea8c2022-01-05 10:00:49.210root 11241100x80000000000000006953449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fe017dead929ba2022-01-05 10:00:49.210root 11241100x80000000000000006953450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f47259c2c3b37d2022-01-05 10:00:49.210root 11241100x80000000000000006953451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25c26c09793296a2022-01-05 10:00:49.210root 11241100x80000000000000006953452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7ec6d8975b70412022-01-05 10:00:49.210root 11241100x80000000000000006953453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b62b6d9907f2d632022-01-05 10:00:49.210root 11241100x80000000000000006953454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc44fffbdc9255832022-01-05 10:00:49.210root 11241100x80000000000000006953455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72d2946eeee28192022-01-05 10:00:49.210root 11241100x80000000000000006953456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96736c269eebced12022-01-05 10:00:49.210root 11241100x80000000000000006953457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee7908397207fa72022-01-05 10:00:49.211root 11241100x80000000000000006953458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f2dc67e94b812f2022-01-05 10:00:49.211root 11241100x80000000000000006953459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88aec3936e0241b2022-01-05 10:00:49.211root 11241100x80000000000000006953460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448dab153fc0c4902022-01-05 10:00:49.211root 11241100x80000000000000006953461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d676c3f1e9d4b872022-01-05 10:00:49.211root 11241100x80000000000000006953462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4e8a18eaf03b2d2022-01-05 10:00:49.211root 11241100x80000000000000006953463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa08053aa70bc722022-01-05 10:00:49.211root 11241100x80000000000000006953464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d43f779be6b01b12022-01-05 10:00:49.212root 11241100x80000000000000006953465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2d13bea7bef91e2022-01-05 10:00:49.212root 11241100x80000000000000006953466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd1b96ce703a1842022-01-05 10:00:49.212root 11241100x80000000000000006953467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bb5b3a4b8db4a02022-01-05 10:00:49.212root 11241100x80000000000000006953468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc864a32ea193762022-01-05 10:00:49.709root 11241100x80000000000000006953469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097798cc3481593a2022-01-05 10:00:49.709root 11241100x80000000000000006953470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a55be0789732dd2022-01-05 10:00:49.709root 11241100x80000000000000006953471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c2488bad196bb42022-01-05 10:00:49.709root 11241100x80000000000000006953472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12102ef71332188b2022-01-05 10:00:49.709root 11241100x80000000000000006953473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa81f7857cb78182022-01-05 10:00:49.710root 11241100x80000000000000006953474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568f11a6ffb507fe2022-01-05 10:00:49.710root 11241100x80000000000000006953475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb4ada7079633852022-01-05 10:00:49.710root 11241100x80000000000000006953476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9e6bb66190c74c2022-01-05 10:00:49.710root 11241100x80000000000000006953477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f80b7f1ffb3c70c2022-01-05 10:00:49.710root 11241100x80000000000000006953478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6fb09c679ee5912022-01-05 10:00:49.710root 11241100x80000000000000006953479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febe5ac801f44c662022-01-05 10:00:49.710root 11241100x80000000000000006953480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec020230e961b3e2022-01-05 10:00:49.710root 11241100x80000000000000006953481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d11117bbee1ce12022-01-05 10:00:49.710root 11241100x80000000000000006953482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a312b7879dfdd12e2022-01-05 10:00:49.710root 11241100x80000000000000006953483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcc04995eba95f22022-01-05 10:00:49.710root 11241100x80000000000000006953484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706c8c7897e1beac2022-01-05 10:00:49.710root 11241100x80000000000000006953485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb76b3abc7cab5032022-01-05 10:00:49.711root 354300x80000000000000006953486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.037{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41670-false10.0.1.12-8000- 11241100x80000000000000006953487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e743ce18ab1daf2022-01-05 10:00:50.038root 11241100x80000000000000006953488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c854772a1842cb2022-01-05 10:00:50.038root 11241100x80000000000000006953489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03af58f307cdcad82022-01-05 10:00:50.038root 11241100x80000000000000006953490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42681b8cf5140a242022-01-05 10:00:50.038root 11241100x80000000000000006953491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab346e237c10278f2022-01-05 10:00:50.038root 11241100x80000000000000006953492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfa72b7cd9bc5fe2022-01-05 10:00:50.038root 11241100x80000000000000006953493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe4a6c56ead19602022-01-05 10:00:50.038root 11241100x80000000000000006953494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008b3eafee61c4b32022-01-05 10:00:50.038root 11241100x80000000000000006953495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1429ab045597aa0a2022-01-05 10:00:50.038root 11241100x80000000000000006953496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9947ed7505d8b22022-01-05 10:00:50.039root 11241100x80000000000000006953497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1596ed3324882fcb2022-01-05 10:00:50.039root 11241100x80000000000000006953498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d8451eae27881e2022-01-05 10:00:50.039root 11241100x80000000000000006953499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891369ec1857e4b92022-01-05 10:00:50.039root 11241100x80000000000000006953500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2ac905cc319df22022-01-05 10:00:50.039root 11241100x80000000000000006953501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82cd12fda5c40c72022-01-05 10:00:50.039root 11241100x80000000000000006953502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b47333a6a71ceba2022-01-05 10:00:50.039root 11241100x80000000000000006953503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055b1b23644b71722022-01-05 10:00:50.039root 11241100x80000000000000006953504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838e1ba2004d7fbc2022-01-05 10:00:50.039root 11241100x80000000000000006953505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.040{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780e8958ff2885592022-01-05 10:00:50.040root 11241100x80000000000000006953506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.040{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd06491322e065fc2022-01-05 10:00:50.040root 11241100x80000000000000006953507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.041{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d97af67e5d152e2022-01-05 10:00:50.041root 11241100x80000000000000006953508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.041{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd75f8d24376853a2022-01-05 10:00:50.041root 11241100x80000000000000006953509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.042{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a08400eb2e5302d2022-01-05 10:00:50.042root 11241100x80000000000000006953510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6389e4f0f4c19882022-01-05 10:00:50.459root 11241100x80000000000000006953511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d653a382f32ab30d2022-01-05 10:00:50.459root 11241100x80000000000000006953512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47adc7161c29008f2022-01-05 10:00:50.459root 11241100x80000000000000006953513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dd4450b021aea82022-01-05 10:00:50.460root 11241100x80000000000000006953514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262aaadc8a0cbc742022-01-05 10:00:50.460root 11241100x80000000000000006953515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c31f0db5bac19492022-01-05 10:00:50.460root 11241100x80000000000000006953516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad9c91a7c7f16762022-01-05 10:00:50.460root 11241100x80000000000000006953517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8adeecec72e5962022-01-05 10:00:50.460root 11241100x80000000000000006953518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430113ad570b3be52022-01-05 10:00:50.460root 11241100x80000000000000006953519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141c9c429507bc112022-01-05 10:00:50.460root 11241100x80000000000000006953520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eba8f969ddfecd12022-01-05 10:00:50.460root 11241100x80000000000000006953521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949c17994d2aad0e2022-01-05 10:00:50.460root 11241100x80000000000000006953522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e3ce8ae7635dfd2022-01-05 10:00:50.460root 11241100x80000000000000006953523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680b07ec23b1f2842022-01-05 10:00:50.460root 11241100x80000000000000006953524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00515a04e9738b0f2022-01-05 10:00:50.460root 11241100x80000000000000006953525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6665da94944e702022-01-05 10:00:50.460root 11241100x80000000000000006953526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ee7d7b08c336222022-01-05 10:00:50.460root 11241100x80000000000000006953527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae82d268b41544282022-01-05 10:00:50.460root 11241100x80000000000000006953528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19afe33c715ab842022-01-05 10:00:50.460root 11241100x80000000000000006953529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b9edd3804021682022-01-05 10:00:50.960root 11241100x80000000000000006953530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a82f5b2368ebbf2022-01-05 10:00:50.960root 11241100x80000000000000006953531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97ffcb99d1dd45f2022-01-05 10:00:50.960root 11241100x80000000000000006953532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4dce04c934b38262022-01-05 10:00:50.960root 11241100x80000000000000006953533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b04cb2161ead1a72022-01-05 10:00:50.960root 11241100x80000000000000006953534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f9fb10c8c722052022-01-05 10:00:50.961root 11241100x80000000000000006953535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e855911cc25b1e002022-01-05 10:00:50.961root 11241100x80000000000000006953536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b01ccc7b89966042022-01-05 10:00:50.961root 11241100x80000000000000006953537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5035188205ef6c002022-01-05 10:00:50.961root 11241100x80000000000000006953538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d9589e15fb686c2022-01-05 10:00:50.961root 11241100x80000000000000006953539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499b2ebedb7a9e9a2022-01-05 10:00:50.961root 11241100x80000000000000006953540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd371bee073d93692022-01-05 10:00:50.961root 11241100x80000000000000006953541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5133390cd8a3cb92022-01-05 10:00:50.961root 11241100x80000000000000006953542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b87ca36936563b2022-01-05 10:00:50.961root 11241100x80000000000000006953543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f7a8d92406a1352022-01-05 10:00:50.961root 11241100x80000000000000006953544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82690d52767000db2022-01-05 10:00:50.961root 11241100x80000000000000006953545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab0de19375ceca02022-01-05 10:00:50.961root 11241100x80000000000000006953546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a6daff9453ce7a2022-01-05 10:00:50.961root 11241100x80000000000000006953547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aac30d93c98e4d2022-01-05 10:00:50.962root 11241100x80000000000000006953548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752663db4f14f0ec2022-01-05 10:00:51.460root 11241100x80000000000000006953549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5723763a04ba192022-01-05 10:00:51.460root 11241100x80000000000000006953550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98cba222e88cb472022-01-05 10:00:51.460root 11241100x80000000000000006953551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fac85aa07a754652022-01-05 10:00:51.460root 11241100x80000000000000006953552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96babeeaeef24652022-01-05 10:00:51.460root 11241100x80000000000000006953553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf05e13b78f47072022-01-05 10:00:51.460root 11241100x80000000000000006953554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e892e99a2610b02022-01-05 10:00:51.460root 11241100x80000000000000006953555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b09cebc22c79102022-01-05 10:00:51.460root 11241100x80000000000000006953556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f907f1d3e1b1e2a2022-01-05 10:00:51.460root 11241100x80000000000000006953557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0b2e0606c1a5e12022-01-05 10:00:51.460root 11241100x80000000000000006953558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc11a6209f8c6bfa2022-01-05 10:00:51.460root 11241100x80000000000000006953559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8247851b1ce5c8082022-01-05 10:00:51.461root 11241100x80000000000000006953560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddda8c44fd514222022-01-05 10:00:51.461root 11241100x80000000000000006953561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633d8262028a34ec2022-01-05 10:00:51.461root 11241100x80000000000000006953562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c6f6febc21d88b2022-01-05 10:00:51.461root 11241100x80000000000000006953563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2233b07596b20132022-01-05 10:00:51.461root 11241100x80000000000000006953564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e84c918f719f7632022-01-05 10:00:51.461root 11241100x80000000000000006953565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cb72505391c44e2022-01-05 10:00:51.461root 11241100x80000000000000006953566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b91b95fbba0eed22022-01-05 10:00:51.461root 11241100x80000000000000006953567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f0ca1377b75b002022-01-05 10:00:51.960root 11241100x80000000000000006953568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da14ed08c5a9f2d22022-01-05 10:00:51.960root 11241100x80000000000000006953569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a126705982f68ac02022-01-05 10:00:51.960root 11241100x80000000000000006953570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26615ccd6212421b2022-01-05 10:00:51.960root 11241100x80000000000000006953571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270d36731a64896d2022-01-05 10:00:51.960root 11241100x80000000000000006953572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df5705c79fae66f2022-01-05 10:00:51.960root 11241100x80000000000000006953573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e796b65ec26d0d062022-01-05 10:00:51.960root 11241100x80000000000000006953574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8afc2521d521ee2022-01-05 10:00:51.960root 11241100x80000000000000006953575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbfef1d748eac002022-01-05 10:00:51.960root 11241100x80000000000000006953576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5d5c1c8164e76c2022-01-05 10:00:51.961root 11241100x80000000000000006953577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396c71aad11e359b2022-01-05 10:00:51.961root 11241100x80000000000000006953578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c2c53e3de156f52022-01-05 10:00:51.961root 11241100x80000000000000006953579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0f4c1005c04c152022-01-05 10:00:51.961root 11241100x80000000000000006953580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc299797ba53ab2d2022-01-05 10:00:51.961root 11241100x80000000000000006953581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e673e7458fcd70292022-01-05 10:00:51.961root 11241100x80000000000000006953582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1a08d7b0c627562022-01-05 10:00:51.961root 11241100x80000000000000006953583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b81d1fb71f18fe2022-01-05 10:00:51.961root 11241100x80000000000000006953584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e82830bf4727a912022-01-05 10:00:51.961root 11241100x80000000000000006953585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aadb958e10706d32022-01-05 10:00:51.961root 11241100x80000000000000006953586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bd513c4d16d2e72022-01-05 10:00:52.460root 11241100x80000000000000006953587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbaf853426f3ecc2022-01-05 10:00:52.460root 11241100x80000000000000006953588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04377cce2cbd7d672022-01-05 10:00:52.461root 11241100x80000000000000006953589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218140fd721bceda2022-01-05 10:00:52.461root 11241100x80000000000000006953590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9d99c387fab9f72022-01-05 10:00:52.461root 11241100x80000000000000006953591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53386119a054ec92022-01-05 10:00:52.461root 11241100x80000000000000006953592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a03b4174532f40f2022-01-05 10:00:52.461root 11241100x80000000000000006953593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bbda8f927666b72022-01-05 10:00:52.461root 11241100x80000000000000006953594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdd91d491756f2d2022-01-05 10:00:52.461root 11241100x80000000000000006953595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9655e5183264f19e2022-01-05 10:00:52.461root 11241100x80000000000000006953596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881ae7a009e99bee2022-01-05 10:00:52.461root 11241100x80000000000000006953597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a040af2c6167c72022-01-05 10:00:52.461root 11241100x80000000000000006953598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaaf9deedf50b522022-01-05 10:00:52.462root 11241100x80000000000000006953599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e54f4bfc08f2072022-01-05 10:00:52.462root 11241100x80000000000000006953600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6d149c82b7977c2022-01-05 10:00:52.462root 11241100x80000000000000006953601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8f59381be8765f2022-01-05 10:00:52.462root 11241100x80000000000000006953602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6334d5f89bd246c2022-01-05 10:00:52.463root 11241100x80000000000000006953603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494c3f1303e7df682022-01-05 10:00:52.463root 11241100x80000000000000006953604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50996011fd1c78aa2022-01-05 10:00:52.463root 11241100x80000000000000006953605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba27ec249c7af3a2022-01-05 10:00:52.960root 11241100x80000000000000006953606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d31c0f8fd001302022-01-05 10:00:52.960root 11241100x80000000000000006953607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4165185c9e8121702022-01-05 10:00:52.960root 11241100x80000000000000006953608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b304b8f9904e5d2022-01-05 10:00:52.960root 11241100x80000000000000006953609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dad6edbb92342162022-01-05 10:00:52.960root 11241100x80000000000000006953610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c724753a41ece92022-01-05 10:00:52.960root 11241100x80000000000000006953611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8734fb1b2749a9cb2022-01-05 10:00:52.960root 11241100x80000000000000006953612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b13093206b916b32022-01-05 10:00:52.961root 11241100x80000000000000006953613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acceaa9cbc4d906e2022-01-05 10:00:52.961root 11241100x80000000000000006953614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2e5f31dc43c8af2022-01-05 10:00:52.961root 11241100x80000000000000006953615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf1b3d5c26b43562022-01-05 10:00:52.961root 11241100x80000000000000006953616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195e4e1ebea86e9d2022-01-05 10:00:52.961root 11241100x80000000000000006953617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c551e6e097da10462022-01-05 10:00:52.961root 11241100x80000000000000006953618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ce13ba220c55b62022-01-05 10:00:52.961root 11241100x80000000000000006953619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57fcc0a3f758f572022-01-05 10:00:52.962root 11241100x80000000000000006953620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9bc181050739712022-01-05 10:00:52.962root 11241100x80000000000000006953621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979dc52ada9f30452022-01-05 10:00:52.962root 11241100x80000000000000006953622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d038d343f41cf4932022-01-05 10:00:52.962root 11241100x80000000000000006953623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a1c326cdfe897d2022-01-05 10:00:52.962root 11241100x80000000000000006953624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2639506b3dcc6b52022-01-05 10:00:53.459root 11241100x80000000000000006953625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b77ab364d455c4e2022-01-05 10:00:53.459root 11241100x80000000000000006953626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375b9ea7ed3f4ddc2022-01-05 10:00:53.459root 11241100x80000000000000006953627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73223b71ec727232022-01-05 10:00:53.459root 11241100x80000000000000006953628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b1d843db9954112022-01-05 10:00:53.460root 11241100x80000000000000006953629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9556fa26f56110202022-01-05 10:00:53.460root 11241100x80000000000000006953630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f7772d0a42c3102022-01-05 10:00:53.460root 11241100x80000000000000006953631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4317a96976b1f52022-01-05 10:00:53.460root 11241100x80000000000000006953632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de65f05ee838d412022-01-05 10:00:53.460root 11241100x80000000000000006953633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e92bfc408accf82022-01-05 10:00:53.460root 11241100x80000000000000006953634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2338df684db92e742022-01-05 10:00:53.460root 11241100x80000000000000006953635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b8acff4349d1642022-01-05 10:00:53.460root 11241100x80000000000000006953636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d532316c9edc70602022-01-05 10:00:53.460root 11241100x80000000000000006953637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedb79e12e1eed652022-01-05 10:00:53.460root 11241100x80000000000000006953638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d895d490c25b622022-01-05 10:00:53.460root 11241100x80000000000000006953639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9ca9f9013b017d2022-01-05 10:00:53.460root 11241100x80000000000000006953640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb73e2c28a268882022-01-05 10:00:53.460root 11241100x80000000000000006953641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a3111b72e806a92022-01-05 10:00:53.460root 11241100x80000000000000006953642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938446d2efe305e72022-01-05 10:00:53.460root 11241100x80000000000000006953643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd2a982d58b620f2022-01-05 10:00:53.460root 11241100x80000000000000006953644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba1089ec39762b62022-01-05 10:00:53.461root 11241100x80000000000000006953645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89f0e7b749158dd2022-01-05 10:00:53.461root 11241100x80000000000000006953646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91a3c106c6409c92022-01-05 10:00:53.461root 11241100x80000000000000006953647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d10581eccbb6822022-01-05 10:00:53.461root 11241100x80000000000000006953648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d0baef81a948c02022-01-05 10:00:53.461root 11241100x80000000000000006953649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab33327ccec2b452022-01-05 10:00:53.461root 11241100x80000000000000006953650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1424f714b91a2eb72022-01-05 10:00:53.461root 11241100x80000000000000006953651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa269cc4f4496142022-01-05 10:00:53.461root 11241100x80000000000000006953652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdeb0e9381325412022-01-05 10:00:53.461root 11241100x80000000000000006953653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8480163d714324cd2022-01-05 10:00:53.461root 11241100x80000000000000006953654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f077d4a586633c2022-01-05 10:00:53.461root 11241100x80000000000000006953655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96910f1df3740cd2022-01-05 10:00:53.960root 11241100x80000000000000006953656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f038369b34f89672022-01-05 10:00:53.960root 11241100x80000000000000006953657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcf9c0aa417a3082022-01-05 10:00:53.960root 11241100x80000000000000006953658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92dffb25e0819f52022-01-05 10:00:53.960root 11241100x80000000000000006953659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f0e7a1f9e3e5ea2022-01-05 10:00:53.960root 11241100x80000000000000006953660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8d46b7bff528b32022-01-05 10:00:53.960root 11241100x80000000000000006953661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8957846013c4f5a42022-01-05 10:00:53.960root 11241100x80000000000000006953662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb19e7284345c0c2022-01-05 10:00:53.960root 11241100x80000000000000006953663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276b17988608f58b2022-01-05 10:00:53.960root 11241100x80000000000000006953664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9b70093114a2462022-01-05 10:00:53.961root 11241100x80000000000000006953665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80322e04c7b604d2022-01-05 10:00:53.961root 11241100x80000000000000006953666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3047c4838f9e6cc32022-01-05 10:00:53.961root 11241100x80000000000000006953667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3037ca9e25978f9e2022-01-05 10:00:53.961root 11241100x80000000000000006953668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f524e9deb339762022-01-05 10:00:53.961root 11241100x80000000000000006953669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a84051fb9e958252022-01-05 10:00:53.961root 11241100x80000000000000006953670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c960d2e307ebd3aa2022-01-05 10:00:53.961root 11241100x80000000000000006953671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4d96ffe0254a332022-01-05 10:00:53.961root 11241100x80000000000000006953672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ba8be313f509ca2022-01-05 10:00:53.961root 11241100x80000000000000006953673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06a3d0f2b5d98f12022-01-05 10:00:53.961root 11241100x80000000000000006953674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a6474c67a134892022-01-05 10:00:54.459root 11241100x80000000000000006953675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4e70ebed8677fd2022-01-05 10:00:54.459root 11241100x80000000000000006953676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f607d816efe4a572022-01-05 10:00:54.459root 11241100x80000000000000006953677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e881e5e10aa0ad2022-01-05 10:00:54.459root 11241100x80000000000000006953678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd90c2f471d8ca82022-01-05 10:00:54.459root 11241100x80000000000000006953679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6c8967a68c56912022-01-05 10:00:54.460root 11241100x80000000000000006953680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477fcbcf76b582552022-01-05 10:00:54.460root 11241100x80000000000000006953681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c77eabd0c8003c2022-01-05 10:00:54.460root 11241100x80000000000000006953682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c372bb00b5ae4d3d2022-01-05 10:00:54.460root 11241100x80000000000000006953683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fd6553f7cb9f282022-01-05 10:00:54.460root 11241100x80000000000000006953684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b116320f9d35a28a2022-01-05 10:00:54.460root 11241100x80000000000000006953685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c667a0271839082022-01-05 10:00:54.460root 11241100x80000000000000006953686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf69fbf308b15b42022-01-05 10:00:54.460root 11241100x80000000000000006953687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cb27c8e70fbd242022-01-05 10:00:54.460root 11241100x80000000000000006953688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d495d09b442f78b2022-01-05 10:00:54.461root 11241100x80000000000000006953689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7ecfe4425d6aa92022-01-05 10:00:54.461root 11241100x80000000000000006953690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc34cd775da3e342022-01-05 10:00:54.461root 11241100x80000000000000006953691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015a5835496ad0c02022-01-05 10:00:54.461root 11241100x80000000000000006953692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575a3930625b34462022-01-05 10:00:54.461root 11241100x80000000000000006953693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2baa28d9776fda5e2022-01-05 10:00:54.461root 11241100x80000000000000006953694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb27d728b5ec6992022-01-05 10:00:54.960root 11241100x80000000000000006953695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644a1269d845bfcf2022-01-05 10:00:54.960root 11241100x80000000000000006953696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84503704b1d846232022-01-05 10:00:54.960root 11241100x80000000000000006953697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994285598d5bb8e62022-01-05 10:00:54.960root 11241100x80000000000000006953698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86c7b2e868a85462022-01-05 10:00:54.960root 11241100x80000000000000006953699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae05547491fe03982022-01-05 10:00:54.960root 11241100x80000000000000006953700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0023adc306b26af02022-01-05 10:00:54.960root 11241100x80000000000000006953701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1211521f75b313a2022-01-05 10:00:54.960root 11241100x80000000000000006953702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dc9988d74eaece2022-01-05 10:00:54.961root 11241100x80000000000000006953703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deb56d52922f7f42022-01-05 10:00:54.961root 11241100x80000000000000006953704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f35387ae3b14ff2022-01-05 10:00:54.961root 11241100x80000000000000006953705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a10f4140b306b492022-01-05 10:00:54.961root 11241100x80000000000000006953706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340530925d5424312022-01-05 10:00:54.961root 11241100x80000000000000006953707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b9bf2a36433e9f2022-01-05 10:00:54.961root 11241100x80000000000000006953708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cbe43adf4e30f92022-01-05 10:00:54.961root 11241100x80000000000000006953709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50ba15dc809b0282022-01-05 10:00:54.961root 11241100x80000000000000006953710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6507bb383654c0942022-01-05 10:00:54.961root 11241100x80000000000000006953711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dfad69450310042022-01-05 10:00:54.961root 11241100x80000000000000006953712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afb9b4d545631ed2022-01-05 10:00:54.962root 354300x80000000000000006953713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.220{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41672-false10.0.1.12-8000- 11241100x80000000000000006953714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea886281e6bbab32022-01-05 10:00:55.220root 11241100x80000000000000006953715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a008ef6da2a11b2022-01-05 10:00:55.220root 11241100x80000000000000006953716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e18da734d17e6e2022-01-05 10:00:55.220root 11241100x80000000000000006953717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76775b5b175ad0342022-01-05 10:00:55.221root 11241100x80000000000000006953718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6c8e97d7107c2d2022-01-05 10:00:55.221root 11241100x80000000000000006953719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebd596a688c56812022-01-05 10:00:55.221root 11241100x80000000000000006953720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1a6f9932acbdb42022-01-05 10:00:55.221root 11241100x80000000000000006953721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da291a493bfd2ec92022-01-05 10:00:55.221root 11241100x80000000000000006953722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef082749daaef33e2022-01-05 10:00:55.221root 11241100x80000000000000006953723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c1ff319121e4ff2022-01-05 10:00:55.221root 11241100x80000000000000006953724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfea7aa90aaf2db2022-01-05 10:00:55.221root 11241100x80000000000000006953725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea32352a9335a6902022-01-05 10:00:55.221root 11241100x80000000000000006953726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61689a6f867fcb632022-01-05 10:00:55.221root 11241100x80000000000000006953727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c744654fea90a6262022-01-05 10:00:55.221root 11241100x80000000000000006953728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391129dbd4095daa2022-01-05 10:00:55.221root 11241100x80000000000000006953729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd516902a5985642022-01-05 10:00:55.221root 11241100x80000000000000006953730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5618c4112eda524f2022-01-05 10:00:55.221root 11241100x80000000000000006953731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207c55e7a0b640c02022-01-05 10:00:55.221root 11241100x80000000000000006953732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb37412f43ae0f62022-01-05 10:00:55.222root 11241100x80000000000000006953733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31829c58af8f520d2022-01-05 10:00:55.222root 11241100x80000000000000006953734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c571f37db618b9672022-01-05 10:00:55.222root 11241100x80000000000000006953735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4025808b1da950a2022-01-05 10:00:55.222root 11241100x80000000000000006953736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072b84bb422029432022-01-05 10:00:55.709root 11241100x80000000000000006953737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4e08a284385c8b2022-01-05 10:00:55.709root 11241100x80000000000000006953738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db8416f004112a32022-01-05 10:00:55.710root 11241100x80000000000000006953739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7c34d07ccf7b282022-01-05 10:00:55.710root 11241100x80000000000000006953740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3c5fa2165028192022-01-05 10:00:55.710root 11241100x80000000000000006953741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4509f802bf4219822022-01-05 10:00:55.710root 11241100x80000000000000006953742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a975d41e6aef0d912022-01-05 10:00:55.710root 11241100x80000000000000006953743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f7b9337aa980c92022-01-05 10:00:55.711root 11241100x80000000000000006953744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f038df4f46524b2022-01-05 10:00:55.711root 11241100x80000000000000006953745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31bcca93bef66562022-01-05 10:00:55.711root 11241100x80000000000000006953746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde12a1bf7fba4102022-01-05 10:00:55.711root 11241100x80000000000000006953747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fdefec5d7421c52022-01-05 10:00:55.711root 11241100x80000000000000006953748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19790871bad46cb2022-01-05 10:00:55.712root 11241100x80000000000000006953749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61253bce4886d95e2022-01-05 10:00:55.712root 11241100x80000000000000006953750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a360c9c29ae01142022-01-05 10:00:55.712root 11241100x80000000000000006953751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aefc636506baf362022-01-05 10:00:55.712root 11241100x80000000000000006953752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faac3759ec38eadf2022-01-05 10:00:55.713root 11241100x80000000000000006953753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ddf26769c709702022-01-05 10:00:55.713root 11241100x80000000000000006953754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247766d70fba7a592022-01-05 10:00:55.713root 11241100x80000000000000006953755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d676e1875368b6b52022-01-05 10:00:55.713root 11241100x80000000000000006953756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43ec8d4588523292022-01-05 10:00:56.210root 11241100x80000000000000006953757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32cb40c717df25c2022-01-05 10:00:56.210root 11241100x80000000000000006953758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d88f290cbc3db22022-01-05 10:00:56.210root 11241100x80000000000000006953759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce5b38ffe165e302022-01-05 10:00:56.210root 11241100x80000000000000006953760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d285a69e0d48fe2022-01-05 10:00:56.210root 11241100x80000000000000006953761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def12dbebb108aab2022-01-05 10:00:56.210root 11241100x80000000000000006953762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f4829c78cc240b2022-01-05 10:00:56.210root 11241100x80000000000000006953763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a26097cd9577cec2022-01-05 10:00:56.210root 11241100x80000000000000006953764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb43f92b5e3648c92022-01-05 10:00:56.210root 11241100x80000000000000006953765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666dee524423df322022-01-05 10:00:56.210root 11241100x80000000000000006953766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1e7631bd5e80c12022-01-05 10:00:56.210root 11241100x80000000000000006953767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15568b647bdddbc2022-01-05 10:00:56.211root 11241100x80000000000000006953768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687c8cb193d0ab9f2022-01-05 10:00:56.211root 11241100x80000000000000006953769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ceeae59f53d57bb2022-01-05 10:00:56.211root 11241100x80000000000000006953770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b23d777466cc9132022-01-05 10:00:56.211root 11241100x80000000000000006953771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81da6248b27cafe82022-01-05 10:00:56.212root 11241100x80000000000000006953772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304fbcfbd8cc82822022-01-05 10:00:56.212root 11241100x80000000000000006953773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916d3ebd563a87bc2022-01-05 10:00:56.212root 11241100x80000000000000006953774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9624a55f3d394c7b2022-01-05 10:00:56.212root 11241100x80000000000000006953775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faa7cbed7882a372022-01-05 10:00:56.212root 11241100x80000000000000006953776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48457392c28aca442022-01-05 10:00:56.710root 11241100x80000000000000006953777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760ae102a21b61162022-01-05 10:00:56.710root 11241100x80000000000000006953778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45f260f4575ba732022-01-05 10:00:56.710root 11241100x80000000000000006953779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db594d3cbabe0e22022-01-05 10:00:56.710root 11241100x80000000000000006953780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6956f760d13f71b22022-01-05 10:00:56.710root 11241100x80000000000000006953781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a2aa79a08128dd2022-01-05 10:00:56.710root 11241100x80000000000000006953782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f703721dcf11bb2022-01-05 10:00:56.710root 11241100x80000000000000006953783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3af25d2b1f7ad92022-01-05 10:00:56.710root 11241100x80000000000000006953784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9679ee181b135c172022-01-05 10:00:56.711root 11241100x80000000000000006953785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af44ef0cb000720f2022-01-05 10:00:56.711root 11241100x80000000000000006953786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c21d716a9166b12022-01-05 10:00:56.711root 11241100x80000000000000006953787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79500391c6df55d82022-01-05 10:00:56.711root 11241100x80000000000000006953788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109a604eb0e3d7832022-01-05 10:00:56.711root 11241100x80000000000000006953789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d6412daf6134792022-01-05 10:00:56.711root 11241100x80000000000000006953790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f531195bedadb82022-01-05 10:00:56.711root 11241100x80000000000000006953791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da72ea1c6365f0882022-01-05 10:00:56.711root 11241100x80000000000000006953792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a110d72454c0fa42022-01-05 10:00:56.711root 11241100x80000000000000006953793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7c8aae6b0508b02022-01-05 10:00:56.712root 11241100x80000000000000006953794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41a2dcafe54b1b32022-01-05 10:00:56.712root 11241100x80000000000000006953795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb640d2e557748e52022-01-05 10:00:56.712root 11241100x80000000000000006953796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f365935cf88e0c2022-01-05 10:00:57.209root 11241100x80000000000000006953797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a865e596d4bd0fa2022-01-05 10:00:57.209root 11241100x80000000000000006953798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06e3a204ba91d772022-01-05 10:00:57.209root 11241100x80000000000000006953799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e62bdbe0f3a6d42022-01-05 10:00:57.209root 11241100x80000000000000006953800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7645ededa1b1b1b52022-01-05 10:00:57.209root 11241100x80000000000000006953801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2096862ccc4b26252022-01-05 10:00:57.209root 11241100x80000000000000006953802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1b8b043ce9c8522022-01-05 10:00:57.210root 11241100x80000000000000006953803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd86647a4aa099b2022-01-05 10:00:57.210root 11241100x80000000000000006953804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058b65c0e57e035c2022-01-05 10:00:57.210root 11241100x80000000000000006953805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971238144c2d10f22022-01-05 10:00:57.210root 11241100x80000000000000006953806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06eacaeca75c49f32022-01-05 10:00:57.210root 11241100x80000000000000006953807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a18061399ab3be2022-01-05 10:00:57.210root 11241100x80000000000000006953808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430b119c4eda44352022-01-05 10:00:57.210root 11241100x80000000000000006953809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f597d9f52bccf92022-01-05 10:00:57.210root 11241100x80000000000000006953810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660e5fbc07aac7a82022-01-05 10:00:57.210root 11241100x80000000000000006953811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ed19a44ea2295d2022-01-05 10:00:57.210root 11241100x80000000000000006953812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f901c8a89153a52022-01-05 10:00:57.210root 11241100x80000000000000006953813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f3cb6e95b6a6442022-01-05 10:00:57.210root 11241100x80000000000000006953814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d0221da7bf1b2a2022-01-05 10:00:57.211root 11241100x80000000000000006953815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2bcfae8379e8eb2022-01-05 10:00:57.211root 11241100x80000000000000006953816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f44d0e2ed87daa2022-01-05 10:00:57.211root 11241100x80000000000000006953817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aaf4c8c23e21032022-01-05 10:00:57.211root 11241100x80000000000000006953818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66aa9ed59a101e942022-01-05 10:00:57.211root 11241100x80000000000000006953819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4cb81d396ae29e2022-01-05 10:00:57.211root 11241100x80000000000000006953820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c18e1e552e0d2192022-01-05 10:00:57.211root 11241100x80000000000000006953821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c444dcd579369ac42022-01-05 10:00:57.211root 11241100x80000000000000006953822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291eeb748191ee092022-01-05 10:00:57.211root 11241100x80000000000000006953823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f1cac6136d20712022-01-05 10:00:57.211root 11241100x80000000000000006953824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137931075358b6aa2022-01-05 10:00:57.211root 11241100x80000000000000006953825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7758188dd1970eb72022-01-05 10:00:57.211root 11241100x80000000000000006953826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddfe28b72a9426f2022-01-05 10:00:57.212root 11241100x80000000000000006953827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e068842e3e37472022-01-05 10:00:57.212root 11241100x80000000000000006953828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92751eded660b9e92022-01-05 10:00:57.212root 11241100x80000000000000006953829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b6b02f5c32c7c62022-01-05 10:00:57.710root 11241100x80000000000000006953830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a685f47c01dee6662022-01-05 10:00:57.710root 11241100x80000000000000006953831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca7551a7e31a1d62022-01-05 10:00:57.710root 11241100x80000000000000006953832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b01d2eaeaf4d292022-01-05 10:00:57.710root 11241100x80000000000000006953833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b3228751bb8d262022-01-05 10:00:57.710root 11241100x80000000000000006953834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b82d71ea27dbc222022-01-05 10:00:57.710root 11241100x80000000000000006953835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071247363c20b7332022-01-05 10:00:57.710root 11241100x80000000000000006953836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86512dad854102432022-01-05 10:00:57.710root 11241100x80000000000000006953837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488361588154fb9c2022-01-05 10:00:57.711root 11241100x80000000000000006953838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec84ba895ed3c1732022-01-05 10:00:57.711root 11241100x80000000000000006953839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203653427f31a4532022-01-05 10:00:57.711root 11241100x80000000000000006953840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d63a99ea4762f92022-01-05 10:00:57.711root 11241100x80000000000000006953841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ca905c80a96a862022-01-05 10:00:57.711root 11241100x80000000000000006953842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd03276c7f6c4a22022-01-05 10:00:57.711root 11241100x80000000000000006953843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709a6446eb2b184a2022-01-05 10:00:57.711root 11241100x80000000000000006953844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800a86c14198e8ba2022-01-05 10:00:57.712root 11241100x80000000000000006953845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09015139b05595342022-01-05 10:00:57.712root 11241100x80000000000000006953846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408dc3bf13360ca62022-01-05 10:00:57.712root 11241100x80000000000000006953847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23410569ae81423a2022-01-05 10:00:57.712root 11241100x80000000000000006953848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abc2d8cbaec72b92022-01-05 10:00:57.712root 11241100x80000000000000006953849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9dc0cb9ed41bb22022-01-05 10:00:58.209root 11241100x80000000000000006953850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6399ffb9346ac0e2022-01-05 10:00:58.209root 11241100x80000000000000006953851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a75867fac29822d2022-01-05 10:00:58.209root 11241100x80000000000000006953852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4ade709d90f9da2022-01-05 10:00:58.209root 11241100x80000000000000006953853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29bcf2e7146ebac2022-01-05 10:00:58.210root 11241100x80000000000000006953854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bbb21a0ef421dd2022-01-05 10:00:58.210root 11241100x80000000000000006953855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8e3ae16cda43072022-01-05 10:00:58.210root 11241100x80000000000000006953856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaa100aef4aaa242022-01-05 10:00:58.210root 11241100x80000000000000006953857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfb824c4c18837c2022-01-05 10:00:58.210root 11241100x80000000000000006953858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57571f1b643cf4a42022-01-05 10:00:58.210root 11241100x80000000000000006953859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0240dce6ff2d055d2022-01-05 10:00:58.210root 11241100x80000000000000006953860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edd7bf8eff108ca2022-01-05 10:00:58.210root 11241100x80000000000000006953861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d53b3e3647b9fb2022-01-05 10:00:58.210root 11241100x80000000000000006953862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdbedd28e586fa42022-01-05 10:00:58.210root 11241100x80000000000000006953863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c6de96f987919f2022-01-05 10:00:58.210root 11241100x80000000000000006953864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13e160520acf66c2022-01-05 10:00:58.210root 11241100x80000000000000006953865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cde253246afe462022-01-05 10:00:58.210root 11241100x80000000000000006953866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f20a995d3547692022-01-05 10:00:58.210root 11241100x80000000000000006953867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ae09f3fbd8c4e62022-01-05 10:00:58.211root 11241100x80000000000000006953868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e9226fd431d1472022-01-05 10:00:58.211root 11241100x80000000000000006953869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e18ae9142ae6742022-01-05 10:00:58.709root 11241100x80000000000000006953870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7beefedf8baaa92022-01-05 10:00:58.709root 11241100x80000000000000006953871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0d3bfa544a25662022-01-05 10:00:58.710root 11241100x80000000000000006953872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cdcf12a29960cf2022-01-05 10:00:58.710root 11241100x80000000000000006953873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d49063a60d133f32022-01-05 10:00:58.710root 11241100x80000000000000006953874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5eca62d21875592022-01-05 10:00:58.710root 11241100x80000000000000006953875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312a97cfa4a78fa92022-01-05 10:00:58.710root 11241100x80000000000000006953876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e0a5dc49a36e322022-01-05 10:00:58.710root 11241100x80000000000000006953877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12834b1003b3c1c32022-01-05 10:00:58.710root 11241100x80000000000000006953878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9c74d4676f5a382022-01-05 10:00:58.710root 11241100x80000000000000006953879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809a39428cc4c7852022-01-05 10:00:58.710root 11241100x80000000000000006953880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8749a8fe781d7b342022-01-05 10:00:58.710root 11241100x80000000000000006953881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bdab4ba23e04932022-01-05 10:00:58.710root 11241100x80000000000000006953882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd94f6ba5bdf3a882022-01-05 10:00:58.711root 11241100x80000000000000006953883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a45bf8b0131bf842022-01-05 10:00:58.711root 11241100x80000000000000006953884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776c6d0ce05051d62022-01-05 10:00:58.711root 11241100x80000000000000006953885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37f137b83555e722022-01-05 10:00:58.711root 11241100x80000000000000006953886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131c10a113ac20322022-01-05 10:00:58.711root 11241100x80000000000000006953887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c60d59320da7db2022-01-05 10:00:58.711root 11241100x80000000000000006953888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e77614e22334042022-01-05 10:00:58.711root 11241100x80000000000000006953889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab4291e7ec8d7932022-01-05 10:00:59.209root 11241100x80000000000000006953890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d32e819981c0b92022-01-05 10:00:59.209root 11241100x80000000000000006953891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe47f12dc01b1bd2022-01-05 10:00:59.210root 11241100x80000000000000006953892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46930a4ecb9c414d2022-01-05 10:00:59.210root 11241100x80000000000000006953893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb55d76ef4a45d22022-01-05 10:00:59.210root 11241100x80000000000000006953894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4313978368cbae402022-01-05 10:00:59.211root 11241100x80000000000000006953895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1ef750e07f125f2022-01-05 10:00:59.211root 11241100x80000000000000006953896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3194113ba3025fc2022-01-05 10:00:59.211root 11241100x80000000000000006953897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cd7b3b5d6404232022-01-05 10:00:59.211root 11241100x80000000000000006953898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d5fcf81bda3efd2022-01-05 10:00:59.211root 11241100x80000000000000006953899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb811550c9b5242a2022-01-05 10:00:59.211root 11241100x80000000000000006953900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104ad642c6028fd62022-01-05 10:00:59.212root 11241100x80000000000000006953901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcc3df4f3f2a5b22022-01-05 10:00:59.212root 11241100x80000000000000006953902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55b5a8dba3b20872022-01-05 10:00:59.212root 11241100x80000000000000006953903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51d929c5dab0d2d2022-01-05 10:00:59.212root 11241100x80000000000000006953904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc8e1bc8503deae2022-01-05 10:00:59.212root 11241100x80000000000000006953905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6510ed15b79ccc82022-01-05 10:00:59.212root 11241100x80000000000000006953906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624106450bf572872022-01-05 10:00:59.212root 11241100x80000000000000006953907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9286c13b1107f1c22022-01-05 10:00:59.212root 11241100x80000000000000006953908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4a2eb6b4cd95502022-01-05 10:00:59.212root 11241100x80000000000000006953909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87319f6c4da3f3d32022-01-05 10:00:59.213root 11241100x80000000000000006953910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.222{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 10:00:59.222root 11241100x80000000000000006953911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980c76064bbe66732022-01-05 10:00:59.709root 11241100x80000000000000006953912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25df9353484ae7cd2022-01-05 10:00:59.709root 11241100x80000000000000006953913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4321efa6d7965f2022-01-05 10:00:59.709root 11241100x80000000000000006953914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3605b1f30c9f072022-01-05 10:00:59.709root 11241100x80000000000000006953915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f40551a80f2e6a72022-01-05 10:00:59.709root 11241100x80000000000000006953916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd18946946a49f362022-01-05 10:00:59.709root 11241100x80000000000000006953917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6e4485613b01502022-01-05 10:00:59.710root 11241100x80000000000000006953918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28499fc353cae8a32022-01-05 10:00:59.710root 11241100x80000000000000006953919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89539a16e36895aa2022-01-05 10:00:59.710root 11241100x80000000000000006953920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37d42a4878ad6042022-01-05 10:00:59.710root 11241100x80000000000000006953921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c83ae30440421d2022-01-05 10:00:59.710root 11241100x80000000000000006953922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624f596fa36ddecf2022-01-05 10:00:59.710root 11241100x80000000000000006953923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02194c00e86bae52022-01-05 10:00:59.710root 11241100x80000000000000006953924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d390a1953a39a2f92022-01-05 10:00:59.710root 11241100x80000000000000006953925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf2cc57b6dd02912022-01-05 10:00:59.710root 11241100x80000000000000006953926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a318bf30315f172022-01-05 10:00:59.710root 11241100x80000000000000006953927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b46100b92d72d92022-01-05 10:00:59.710root 11241100x80000000000000006953928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c393e747e5f2ba652022-01-05 10:00:59.711root 11241100x80000000000000006953929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62f602b7afd17a32022-01-05 10:00:59.711root 11241100x80000000000000006953930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fde70473eecaa42022-01-05 10:00:59.711root 11241100x80000000000000006953931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6a866baad75e582022-01-05 10:00:59.711root 11241100x80000000000000006953932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a666fff659b0599c2022-01-05 10:01:00.210root 11241100x80000000000000006953933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fca4a959a756b02022-01-05 10:01:00.210root 11241100x80000000000000006953934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6e476589e4adac2022-01-05 10:01:00.210root 11241100x80000000000000006953935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6a8704da91834a2022-01-05 10:01:00.210root 11241100x80000000000000006953936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a379f1d18da82e92022-01-05 10:01:00.210root 11241100x80000000000000006953937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fe3b91028d2f272022-01-05 10:01:00.210root 11241100x80000000000000006953938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df587072edb51aea2022-01-05 10:01:00.210root 11241100x80000000000000006953939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd0ce00bf03af772022-01-05 10:01:00.210root 11241100x80000000000000006953940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ea81317c3a169e2022-01-05 10:01:00.211root 11241100x80000000000000006953941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201e05883aa3e2882022-01-05 10:01:00.211root 11241100x80000000000000006953942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbce7df70e7e29e2022-01-05 10:01:00.211root 11241100x80000000000000006953943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6e9895d939246f2022-01-05 10:01:00.211root 11241100x80000000000000006953944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9d14b89b2511bb2022-01-05 10:01:00.211root 11241100x80000000000000006953945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf910e93b44dda82022-01-05 10:01:00.211root 11241100x80000000000000006953946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad64bba62e62cd12022-01-05 10:01:00.211root 11241100x80000000000000006953947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12478f7f3aceadcc2022-01-05 10:01:00.211root 11241100x80000000000000006953948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9b49acf680edcb2022-01-05 10:01:00.211root 11241100x80000000000000006953949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272aeb80eb45771e2022-01-05 10:01:00.212root 11241100x80000000000000006953950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fd31354260224c2022-01-05 10:01:00.212root 11241100x80000000000000006953951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d140f5cccd02f1e2022-01-05 10:01:00.212root 11241100x80000000000000006953952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05542064e68302862022-01-05 10:01:00.212root 11241100x80000000000000006953953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcac955b954310bc2022-01-05 10:01:00.710root 11241100x80000000000000006953954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8247ca2ba073a8cc2022-01-05 10:01:00.710root 11241100x80000000000000006953955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ed40cd6ba2edbe2022-01-05 10:01:00.710root 11241100x80000000000000006953956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3c9b501a3e75582022-01-05 10:01:00.710root 11241100x80000000000000006953957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c83b1ce45d47332022-01-05 10:01:00.711root 11241100x80000000000000006953958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cbf582d2892dd02022-01-05 10:01:00.711root 11241100x80000000000000006953959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436eecaa3b97400f2022-01-05 10:01:00.711root 11241100x80000000000000006953960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2842d4e8b1928582022-01-05 10:01:00.711root 11241100x80000000000000006953961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d346551d7aa81c082022-01-05 10:01:00.712root 11241100x80000000000000006953962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011e58372203bbc82022-01-05 10:01:00.712root 11241100x80000000000000006953963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231a833ae5d041f52022-01-05 10:01:00.712root 11241100x80000000000000006953964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87ce294e588e1c02022-01-05 10:01:00.712root 11241100x80000000000000006953965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5513c24aa075071b2022-01-05 10:01:00.712root 11241100x80000000000000006953966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7543bb430b4944ea2022-01-05 10:01:00.712root 11241100x80000000000000006953967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a929c219d94f5cd62022-01-05 10:01:00.712root 11241100x80000000000000006953968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c1f8051a5ef3fb2022-01-05 10:01:00.712root 11241100x80000000000000006953969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2179a8ecaf6e6fb52022-01-05 10:01:00.712root 11241100x80000000000000006953970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6dec3ad7e85f8e2022-01-05 10:01:00.712root 11241100x80000000000000006953971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e854c021042bda5d2022-01-05 10:01:00.712root 11241100x80000000000000006953972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe40132e7eb0d9d2022-01-05 10:01:00.713root 11241100x80000000000000006953973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f967fffbf98784f72022-01-05 10:01:00.713root 354300x80000000000000006953974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.059{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41674-false10.0.1.12-8000- 11241100x80000000000000006953975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.060{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2fb126f650373e2022-01-05 10:01:01.060root 11241100x80000000000000006953976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.060{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c6044a4da93bc12022-01-05 10:01:01.060root 11241100x80000000000000006953977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.060{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c1745ec21d05182022-01-05 10:01:01.060root 11241100x80000000000000006953978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.060{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55efe0266c1bd5d2022-01-05 10:01:01.060root 11241100x80000000000000006953979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.060{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94eb801b9072ae4f2022-01-05 10:01:01.060root 11241100x80000000000000006953980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.060{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7389cf39e6b5f7a2022-01-05 10:01:01.060root 11241100x80000000000000006953981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c407e23163cec52022-01-05 10:01:01.061root 11241100x80000000000000006953982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3656b6febbb301fb2022-01-05 10:01:01.061root 11241100x80000000000000006953983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96b8dd6dc39385c2022-01-05 10:01:01.061root 11241100x80000000000000006953984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d55671b0a0677b2022-01-05 10:01:01.061root 11241100x80000000000000006953985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1eecd8bc2da52902022-01-05 10:01:01.061root 11241100x80000000000000006953986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc885a21c66ed662022-01-05 10:01:01.061root 11241100x80000000000000006953987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ca1c9bf601169f2022-01-05 10:01:01.061root 11241100x80000000000000006953988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd99909017bbce72022-01-05 10:01:01.062root 11241100x80000000000000006953989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3804ab67a4aacb2022-01-05 10:01:01.062root 11241100x80000000000000006953990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66683687f520fdb2022-01-05 10:01:01.062root 11241100x80000000000000006953991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd28726f712743872022-01-05 10:01:01.062root 11241100x80000000000000006953992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cd0bdab44f12aa2022-01-05 10:01:01.062root 11241100x80000000000000006953993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4066cd931ba7f40b2022-01-05 10:01:01.062root 11241100x80000000000000006953994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f2de78386f0eb42022-01-05 10:01:01.062root 11241100x80000000000000006953995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0f0e644ae618cb2022-01-05 10:01:01.062root 11241100x80000000000000006953996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9469410415074eac2022-01-05 10:01:01.074root 11241100x80000000000000006953997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed98acc838b06db42022-01-05 10:01:01.074root 11241100x80000000000000006953998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded4e83af833602e2022-01-05 10:01:01.074root 11241100x80000000000000006953999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81de19fe7a91451d2022-01-05 10:01:01.074root 11241100x80000000000000006954000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d5497e29bdd9e22022-01-05 10:01:01.074root 11241100x80000000000000006954001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c019fce0bad8f4cb2022-01-05 10:01:01.074root 11241100x80000000000000006954002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a22c91fcc683682022-01-05 10:01:01.074root 11241100x80000000000000006954003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48967ff85acf87072022-01-05 10:01:01.074root 11241100x80000000000000006954004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e76ca8aa27520bd2022-01-05 10:01:01.075root 11241100x80000000000000006954005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292954333e01b0682022-01-05 10:01:01.075root 11241100x80000000000000006954006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fe105f3ee4b5092022-01-05 10:01:01.075root 11241100x80000000000000006954007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dd5e2c561f1be02022-01-05 10:01:01.075root 11241100x80000000000000006954008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1756eaaa8f74c9712022-01-05 10:01:01.075root 11241100x80000000000000006954009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9780cadb540d80572022-01-05 10:01:01.075root 11241100x80000000000000006954010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2537aeaf68b1593e2022-01-05 10:01:01.075root 11241100x80000000000000006954011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfbafabd746cc522022-01-05 10:01:01.075root 11241100x80000000000000006954012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becd97f49fb3ed4f2022-01-05 10:01:01.075root 11241100x80000000000000006954013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70edc4b9dd49f3662022-01-05 10:01:01.459root 11241100x80000000000000006954014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b05cd3bb0c532382022-01-05 10:01:01.459root 11241100x80000000000000006954015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849816a12e1b84df2022-01-05 10:01:01.459root 11241100x80000000000000006954016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50974d7c7726906e2022-01-05 10:01:01.459root 11241100x80000000000000006954017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c331cafeaf4590d2022-01-05 10:01:01.460root 11241100x80000000000000006954018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bc70da153e8e1c2022-01-05 10:01:01.460root 11241100x80000000000000006954019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c71bfcf25d25ca2022-01-05 10:01:01.460root 11241100x80000000000000006954020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42cc062b9f3ba122022-01-05 10:01:01.460root 11241100x80000000000000006954021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb27e8930cff73e2022-01-05 10:01:01.460root 11241100x80000000000000006954022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d976b978320879832022-01-05 10:01:01.460root 11241100x80000000000000006954023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e82aeb5fd347afd2022-01-05 10:01:01.460root 11241100x80000000000000006954024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff63214efef47212022-01-05 10:01:01.460root 11241100x80000000000000006954025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12eaa372a55eb3ee2022-01-05 10:01:01.460root 11241100x80000000000000006954026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd370b5c17d9d0d62022-01-05 10:01:01.460root 11241100x80000000000000006954027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1d57d8500753c92022-01-05 10:01:01.461root 11241100x80000000000000006954028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8161ab9dbbdc62e2022-01-05 10:01:01.461root 11241100x80000000000000006954029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7f1c351dfdf1852022-01-05 10:01:01.461root 11241100x80000000000000006954030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cb302971eeaef62022-01-05 10:01:01.461root 11241100x80000000000000006954031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce15a1ba21725b52022-01-05 10:01:01.461root 11241100x80000000000000006954032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc220f6ab4c525f2022-01-05 10:01:01.461root 11241100x80000000000000006954033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c974e7039aa6e62022-01-05 10:01:01.461root 11241100x80000000000000006954034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0aa5285dd606a52022-01-05 10:01:01.461root 11241100x80000000000000006954035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e9c5c2177aea412022-01-05 10:01:01.959root 11241100x80000000000000006954036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc85c267f5260e712022-01-05 10:01:01.959root 11241100x80000000000000006954037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a156b4176420a3202022-01-05 10:01:01.959root 11241100x80000000000000006954038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bed811b45c09a772022-01-05 10:01:01.959root 11241100x80000000000000006954039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976e3f443ae4e33f2022-01-05 10:01:01.959root 11241100x80000000000000006954040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f670787f320d252022-01-05 10:01:01.960root 11241100x80000000000000006954041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197a49aabe838a2a2022-01-05 10:01:01.960root 11241100x80000000000000006954042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54943eb6030b84042022-01-05 10:01:01.960root 11241100x80000000000000006954043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf99aade27b7bdc82022-01-05 10:01:01.960root 11241100x80000000000000006954044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94f3afc3bc964d62022-01-05 10:01:01.960root 11241100x80000000000000006954045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f64163426724fa12022-01-05 10:01:01.960root 11241100x80000000000000006954046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa115efda8890372022-01-05 10:01:01.960root 11241100x80000000000000006954047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b89a1d10edbc7f2022-01-05 10:01:01.960root 11241100x80000000000000006954048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aa0bb554a6187e2022-01-05 10:01:01.962root 11241100x80000000000000006954049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b6b036a38684092022-01-05 10:01:01.962root 11241100x80000000000000006954050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bfe39138304a602022-01-05 10:01:01.962root 11241100x80000000000000006954051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6de098912f169ac2022-01-05 10:01:01.962root 11241100x80000000000000006954052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d104900d77bdaec2022-01-05 10:01:01.962root 11241100x80000000000000006954053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0760103b8a677f2022-01-05 10:01:01.962root 11241100x80000000000000006954054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734f5344492eb1cf2022-01-05 10:01:01.962root 11241100x80000000000000006954055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b229be0f6bbfa2a2022-01-05 10:01:01.962root 11241100x80000000000000006954056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f3db0b58da7bb62022-01-05 10:01:01.963root 23542300x80000000000000006954057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.222{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006954058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0befbeeab2b5962022-01-05 10:01:02.223root 11241100x80000000000000006954059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ba8000d60279532022-01-05 10:01:02.223root 11241100x80000000000000006954060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c968c7e73ff6402022-01-05 10:01:02.224root 11241100x80000000000000006954061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36091d8edd65d35c2022-01-05 10:01:02.224root 11241100x80000000000000006954062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc399023e573ebe2022-01-05 10:01:02.224root 11241100x80000000000000006954063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6467d0f060f933012022-01-05 10:01:02.224root 11241100x80000000000000006954064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1976f3185a911442022-01-05 10:01:02.224root 11241100x80000000000000006954065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f574d8e2408ce4122022-01-05 10:01:02.224root 11241100x80000000000000006954066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be178f40bf9425c2022-01-05 10:01:02.224root 11241100x80000000000000006954067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b42799ca40eda232022-01-05 10:01:02.224root 11241100x80000000000000006954068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650a184fe8b0f2bd2022-01-05 10:01:02.224root 11241100x80000000000000006954069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238611ea5d89bf3e2022-01-05 10:01:02.225root 11241100x80000000000000006954070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c39258db55a9a352022-01-05 10:01:02.225root 11241100x80000000000000006954071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cc3c9dc264b6942022-01-05 10:01:02.225root 11241100x80000000000000006954072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccf71e1cc2f9bab2022-01-05 10:01:02.225root 11241100x80000000000000006954073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42cd83377cbc3c32022-01-05 10:01:02.225root 11241100x80000000000000006954074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1256f278109070ce2022-01-05 10:01:02.225root 11241100x80000000000000006954075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3353f8b72f2a84e52022-01-05 10:01:02.225root 11241100x80000000000000006954076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86762c571bed51df2022-01-05 10:01:02.225root 11241100x80000000000000006954077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa948c5dc244a8b2022-01-05 10:01:02.225root 11241100x80000000000000006954078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77155e8d3a797c7a2022-01-05 10:01:02.225root 11241100x80000000000000006954079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d09ccc8fe577542022-01-05 10:01:02.225root 11241100x80000000000000006954080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86626d1632d62b42022-01-05 10:01:02.225root 11241100x80000000000000006954081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d641fc0ea944ee22022-01-05 10:01:02.225root 11241100x80000000000000006954082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68990c8ca235f5b22022-01-05 10:01:02.225root 11241100x80000000000000006954083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8783cf38d492dec2022-01-05 10:01:02.226root 11241100x80000000000000006954084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f00feb7bc073652022-01-05 10:01:02.226root 11241100x80000000000000006954085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e93a794402228e2022-01-05 10:01:02.226root 11241100x80000000000000006954086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc7d63c59720ad12022-01-05 10:01:02.226root 11241100x80000000000000006954087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b26fbe1c917d792022-01-05 10:01:02.226root 11241100x80000000000000006954088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64466055fb71ad582022-01-05 10:01:02.226root 11241100x80000000000000006954089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857677332b5c9cd72022-01-05 10:01:02.226root 11241100x80000000000000006954090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d86578d878c5232022-01-05 10:01:02.226root 11241100x80000000000000006954091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13fe36a7fedec072022-01-05 10:01:02.226root 11241100x80000000000000006954092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3454c71e5119456c2022-01-05 10:01:02.710root 11241100x80000000000000006954093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d1680e546373a12022-01-05 10:01:02.710root 11241100x80000000000000006954094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284663063915423d2022-01-05 10:01:02.710root 11241100x80000000000000006954095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33f2203876c67792022-01-05 10:01:02.710root 11241100x80000000000000006954096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f11bbaa35758232022-01-05 10:01:02.710root 11241100x80000000000000006954097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890faf1b92ee95762022-01-05 10:01:02.710root 11241100x80000000000000006954098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4a621b0589ab112022-01-05 10:01:02.710root 11241100x80000000000000006954099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35794e5addb2b9f2022-01-05 10:01:02.710root 11241100x80000000000000006954100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024350fb321509742022-01-05 10:01:02.710root 11241100x80000000000000006954101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ccc1f74dc063f82022-01-05 10:01:02.710root 11241100x80000000000000006954102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7759a00f3d7bd142022-01-05 10:01:02.710root 11241100x80000000000000006954103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e44dd469979a5712022-01-05 10:01:02.711root 11241100x80000000000000006954104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63687f742fa806c32022-01-05 10:01:02.711root 11241100x80000000000000006954105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45411ae93e9f2782022-01-05 10:01:02.711root 11241100x80000000000000006954106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9029475d35b6bbf2022-01-05 10:01:02.711root 11241100x80000000000000006954107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c669d7f5f065262022-01-05 10:01:02.711root 11241100x80000000000000006954108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6871be3a8362df352022-01-05 10:01:02.711root 11241100x80000000000000006954109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add769fb0d0dd4a62022-01-05 10:01:02.711root 11241100x80000000000000006954110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b5c988fa76d6eb2022-01-05 10:01:02.711root 11241100x80000000000000006954111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e335009b5a682142022-01-05 10:01:02.711root 11241100x80000000000000006954112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f0f4f775cc606b2022-01-05 10:01:02.711root 11241100x80000000000000006954113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f078226acd1149c2022-01-05 10:01:02.711root 11241100x80000000000000006954114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1adfdd47487f58992022-01-05 10:01:02.711root 11241100x80000000000000006954115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c2ae724cc946322022-01-05 10:01:03.209root 11241100x80000000000000006954116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ed14865b85e29f2022-01-05 10:01:03.209root 11241100x80000000000000006954117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b8f2b1d203bd512022-01-05 10:01:03.209root 11241100x80000000000000006954118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9066799c190832b22022-01-05 10:01:03.210root 11241100x80000000000000006954119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5a381af2753ddc2022-01-05 10:01:03.210root 11241100x80000000000000006954120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa730a9b7207f662022-01-05 10:01:03.210root 11241100x80000000000000006954121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378f686b43aaef3e2022-01-05 10:01:03.210root 11241100x80000000000000006954122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60242ed85065db2f2022-01-05 10:01:03.210root 11241100x80000000000000006954123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82077d2a050b317b2022-01-05 10:01:03.210root 11241100x80000000000000006954124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90036254951717042022-01-05 10:01:03.211root 11241100x80000000000000006954125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8517190afd5ddc2022-01-05 10:01:03.211root 11241100x80000000000000006954126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c592cb250fc9f12022-01-05 10:01:03.211root 11241100x80000000000000006954127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfdcf581bf4a1c72022-01-05 10:01:03.211root 11241100x80000000000000006954128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534e9e91c249ae112022-01-05 10:01:03.211root 11241100x80000000000000006954129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda461dfed055ea22022-01-05 10:01:03.211root 11241100x80000000000000006954130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c2b0df18fa09dc2022-01-05 10:01:03.211root 11241100x80000000000000006954131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181d9a0747b660ae2022-01-05 10:01:03.211root 11241100x80000000000000006954132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f756ebedb83deb2d2022-01-05 10:01:03.211root 11241100x80000000000000006954133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c82143b3937b252022-01-05 10:01:03.211root 11241100x80000000000000006954134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec33b1f25484151b2022-01-05 10:01:03.211root 11241100x80000000000000006954135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096dac0a220d5d402022-01-05 10:01:03.211root 11241100x80000000000000006954136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28fb0caa1b2bbc92022-01-05 10:01:03.211root 11241100x80000000000000006954137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703492f81d365a5a2022-01-05 10:01:03.212root 11241100x80000000000000006954138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25a388fd9ba97612022-01-05 10:01:03.709root 11241100x80000000000000006954139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd83b00619e277f02022-01-05 10:01:03.710root 11241100x80000000000000006954140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68db34c3a237c01a2022-01-05 10:01:03.710root 11241100x80000000000000006954141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdcab7fd93c39eb2022-01-05 10:01:03.710root 11241100x80000000000000006954142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a3c483596af49f2022-01-05 10:01:03.710root 11241100x80000000000000006954143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33504cd0e667ff7f2022-01-05 10:01:03.710root 11241100x80000000000000006954144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8429997dec82712022-01-05 10:01:03.710root 11241100x80000000000000006954145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d684a22942a49a2022-01-05 10:01:03.710root 11241100x80000000000000006954146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b470578e57a65b2022-01-05 10:01:03.710root 11241100x80000000000000006954147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8cd589034779152022-01-05 10:01:03.711root 11241100x80000000000000006954148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9c629f8f5e61f82022-01-05 10:01:03.711root 11241100x80000000000000006954149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbd1fb93990a7b72022-01-05 10:01:03.711root 11241100x80000000000000006954150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460b88629dee421e2022-01-05 10:01:03.711root 11241100x80000000000000006954151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f6429b72e964b92022-01-05 10:01:03.711root 11241100x80000000000000006954152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86528b51534ce772022-01-05 10:01:03.711root 11241100x80000000000000006954153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe3fa865e38d0772022-01-05 10:01:03.711root 11241100x80000000000000006954154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e93a9583d5f8f9a2022-01-05 10:01:03.711root 11241100x80000000000000006954155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105a959cb871e7f82022-01-05 10:01:03.711root 11241100x80000000000000006954156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebdc5a1086f27562022-01-05 10:01:03.711root 11241100x80000000000000006954157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fd1398112d60222022-01-05 10:01:03.711root 11241100x80000000000000006954158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1cc630c748a4dd2022-01-05 10:01:03.712root 11241100x80000000000000006954159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5225092fdb7a75102022-01-05 10:01:03.712root 11241100x80000000000000006954160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c14ccd02487a482022-01-05 10:01:03.712root 11241100x80000000000000006954161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef8fb92cde1a09d2022-01-05 10:01:04.209root 11241100x80000000000000006954162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58e9830802a8efb2022-01-05 10:01:04.209root 11241100x80000000000000006954163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270fb9b3cd9753512022-01-05 10:01:04.209root 11241100x80000000000000006954164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677e1577d91501562022-01-05 10:01:04.210root 11241100x80000000000000006954165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e60da4b2deb733b2022-01-05 10:01:04.210root 11241100x80000000000000006954166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb99ef00be267012022-01-05 10:01:04.210root 11241100x80000000000000006954167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2557e71b50b7fc22022-01-05 10:01:04.210root 11241100x80000000000000006954168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0076f5f82f69ed72022-01-05 10:01:04.210root 11241100x80000000000000006954169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8535d30b916994f92022-01-05 10:01:04.210root 11241100x80000000000000006954170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8802545c3ffb3332022-01-05 10:01:04.210root 11241100x80000000000000006954171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245b565bdc15c6432022-01-05 10:01:04.210root 11241100x80000000000000006954172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42476e112b99ffcc2022-01-05 10:01:04.211root 11241100x80000000000000006954173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079b4b8eb10b7f982022-01-05 10:01:04.211root 11241100x80000000000000006954174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bf159ef4b7d67c2022-01-05 10:01:04.211root 11241100x80000000000000006954175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ae0a71848452a82022-01-05 10:01:04.211root 11241100x80000000000000006954176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf14fa61844d1e622022-01-05 10:01:04.211root 11241100x80000000000000006954177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09134c1acd1d6a492022-01-05 10:01:04.211root 11241100x80000000000000006954178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dee39e497412ac2022-01-05 10:01:04.211root 11241100x80000000000000006954179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b163d66396a0c782022-01-05 10:01:04.211root 11241100x80000000000000006954180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01a2e87d8883ca22022-01-05 10:01:04.212root 11241100x80000000000000006954181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d070652c35e4152022-01-05 10:01:04.212root 11241100x80000000000000006954182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731bd0d7c5a1992b2022-01-05 10:01:04.212root 11241100x80000000000000006954183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd5aad0047af0e22022-01-05 10:01:04.212root 11241100x80000000000000006954184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622d85bb34c8ba482022-01-05 10:01:04.709root 11241100x80000000000000006954185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36037f5eb08d1902022-01-05 10:01:04.709root 11241100x80000000000000006954186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba4d9905f748d112022-01-05 10:01:04.709root 11241100x80000000000000006954187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0987170561a6d3c82022-01-05 10:01:04.709root 11241100x80000000000000006954188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d33814fc6b61cb52022-01-05 10:01:04.709root 11241100x80000000000000006954189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c718bc4bb5addb2022-01-05 10:01:04.710root 11241100x80000000000000006954190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e67df3580e78902022-01-05 10:01:04.710root 11241100x80000000000000006954191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517b65faf7e5c3a02022-01-05 10:01:04.710root 11241100x80000000000000006954192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44929c75a1330b3b2022-01-05 10:01:04.710root 11241100x80000000000000006954193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd49dc27dfc5c252022-01-05 10:01:04.710root 11241100x80000000000000006954194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31ade59b6b18d582022-01-05 10:01:04.710root 11241100x80000000000000006954195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc9be16b7acf1bd2022-01-05 10:01:04.710root 11241100x80000000000000006954196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126bb72e3dd4d73a2022-01-05 10:01:04.710root 11241100x80000000000000006954197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74588b26485dc9112022-01-05 10:01:04.710root 11241100x80000000000000006954198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd200a00d83ecde02022-01-05 10:01:04.710root 11241100x80000000000000006954199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e521d3713d734032022-01-05 10:01:04.711root 11241100x80000000000000006954200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccd4108ed9060ed2022-01-05 10:01:04.711root 11241100x80000000000000006954201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc681fb70b63d6c2022-01-05 10:01:04.711root 11241100x80000000000000006954202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7623fc1afb80f52022-01-05 10:01:04.711root 11241100x80000000000000006954203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0b4db38109865c2022-01-05 10:01:04.711root 11241100x80000000000000006954204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b27c927d1803d22022-01-05 10:01:04.711root 11241100x80000000000000006954205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096484c9aa1388ba2022-01-05 10:01:04.711root 11241100x80000000000000006954206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d90557a4be451722022-01-05 10:01:04.711root 11241100x80000000000000006954207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a69bd4074f74942022-01-05 10:01:04.711root 11241100x80000000000000006954208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ac30c469d67f122022-01-05 10:01:04.711root 11241100x80000000000000006954209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a954c595a09ff22022-01-05 10:01:04.711root 11241100x80000000000000006954210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c42316a51dc9e52022-01-05 10:01:04.712root 11241100x80000000000000006954211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc944d93249a14b42022-01-05 10:01:04.712root 11241100x80000000000000006954212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c09a39c8ee27472022-01-05 10:01:04.712root 11241100x80000000000000006954213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2444731505b3832022-01-05 10:01:04.712root 11241100x80000000000000006954214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69c4411703eea1d2022-01-05 10:01:04.712root 11241100x80000000000000006954215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c84b3620e5b37c2022-01-05 10:01:04.712root 11241100x80000000000000006954216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a356501297dd172022-01-05 10:01:04.712root 11241100x80000000000000006954217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dc8cd1c061ad502022-01-05 10:01:04.713root 11241100x80000000000000006954218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dea2e9e9a9626232022-01-05 10:01:04.713root 11241100x80000000000000006954219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25c3f209d538b1f2022-01-05 10:01:04.713root 11241100x80000000000000006954220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5252f1449eb93172022-01-05 10:01:04.713root 11241100x80000000000000006954221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7629ea2ee3bcb22022-01-05 10:01:04.713root 11241100x80000000000000006954222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fe4ce8ed1564432022-01-05 10:01:04.713root 11241100x80000000000000006954223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f957b620826424a62022-01-05 10:01:04.713root 11241100x80000000000000006954224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f4392e6c970d202022-01-05 10:01:04.713root 11241100x80000000000000006954225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123c3f58080edb052022-01-05 10:01:04.713root 11241100x80000000000000006954226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99df8dc79244b6fb2022-01-05 10:01:04.713root 11241100x80000000000000006954227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f030425c3752402022-01-05 10:01:04.713root 11241100x80000000000000006954228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57295f808d0f54d2022-01-05 10:01:04.713root 11241100x80000000000000006954229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca63a5262f585c92022-01-05 10:01:04.714root 11241100x80000000000000006954230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595f9fcb75f618f12022-01-05 10:01:04.714root 11241100x80000000000000006954231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73247b0248bc67f22022-01-05 10:01:04.714root 11241100x80000000000000006954232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f8e00ff1e3ea0b2022-01-05 10:01:04.714root 11241100x80000000000000006954233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d51686298cc83cf2022-01-05 10:01:04.714root 11241100x80000000000000006954234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c9e30b8cd5d35e2022-01-05 10:01:04.714root 11241100x80000000000000006954235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172396b247b0a6372022-01-05 10:01:04.714root 11241100x80000000000000006954236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47f8dc441cdea582022-01-05 10:01:04.714root 11241100x80000000000000006954237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad54c03a13c0e4a2022-01-05 10:01:04.714root 11241100x80000000000000006954238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63a4a5161c4a5a42022-01-05 10:01:04.714root 11241100x80000000000000006954239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb367352201a98582022-01-05 10:01:04.714root 11241100x80000000000000006954240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cd841ce456aca72022-01-05 10:01:05.209root 11241100x80000000000000006954241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bfa3d98982a3f12022-01-05 10:01:05.209root 11241100x80000000000000006954242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6648f2b148368e182022-01-05 10:01:05.210root 11241100x80000000000000006954243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2f6c9cd5be5f482022-01-05 10:01:05.210root 11241100x80000000000000006954244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dfdbe9b56b1bea2022-01-05 10:01:05.211root 11241100x80000000000000006954245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916638bd634195992022-01-05 10:01:05.211root 11241100x80000000000000006954246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112c41e901116a002022-01-05 10:01:05.211root 11241100x80000000000000006954247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c425cb155bf82782022-01-05 10:01:05.211root 11241100x80000000000000006954248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66785690bc77da892022-01-05 10:01:05.211root 11241100x80000000000000006954249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d41c9514f1a8c4a2022-01-05 10:01:05.211root 11241100x80000000000000006954250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa59ed791b0afda02022-01-05 10:01:05.212root 11241100x80000000000000006954251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6aef292b20b272e2022-01-05 10:01:05.212root 11241100x80000000000000006954252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b643704a4c74a6a2022-01-05 10:01:05.212root 11241100x80000000000000006954253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd7a0c03dc8a99f2022-01-05 10:01:05.212root 11241100x80000000000000006954254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41445d0944f4e7902022-01-05 10:01:05.212root 11241100x80000000000000006954255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe8ead6d33363dd2022-01-05 10:01:05.212root 11241100x80000000000000006954256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008c20b927a6d64b2022-01-05 10:01:05.212root 11241100x80000000000000006954257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711231bbcdef32c62022-01-05 10:01:05.213root 11241100x80000000000000006954258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148ff93fb90666742022-01-05 10:01:05.213root 11241100x80000000000000006954259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43972d46d94e5f272022-01-05 10:01:05.213root 11241100x80000000000000006954260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffc33d1e3fd95e22022-01-05 10:01:05.213root 11241100x80000000000000006954261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409c4b2e2e6d441c2022-01-05 10:01:05.213root 11241100x80000000000000006954262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a828eb2500f3012022-01-05 10:01:05.213root 11241100x80000000000000006954263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec67927a02e73ad62022-01-05 10:01:05.709root 11241100x80000000000000006954264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ad5bde4a1e59ee2022-01-05 10:01:05.709root 11241100x80000000000000006954265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1ca1bf8a98dcd92022-01-05 10:01:05.709root 11241100x80000000000000006954266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f47e1fcc8efd1c12022-01-05 10:01:05.710root 11241100x80000000000000006954267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5136d9831197e2d2022-01-05 10:01:05.710root 11241100x80000000000000006954268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080a282f8679b7482022-01-05 10:01:05.710root 11241100x80000000000000006954269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602d9e23433eef872022-01-05 10:01:05.710root 11241100x80000000000000006954270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4679046293c415792022-01-05 10:01:05.710root 11241100x80000000000000006954271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09395120f6afbe702022-01-05 10:01:05.710root 11241100x80000000000000006954272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abf90bd173646582022-01-05 10:01:05.710root 11241100x80000000000000006954273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b46b46570a870162022-01-05 10:01:05.710root 11241100x80000000000000006954274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e961f4dffef0f8492022-01-05 10:01:05.710root 11241100x80000000000000006954275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84daaefd53ab8e832022-01-05 10:01:05.710root 11241100x80000000000000006954276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ab9037c8ecc5a32022-01-05 10:01:05.710root 11241100x80000000000000006954277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb9b2574099bb262022-01-05 10:01:05.710root 11241100x80000000000000006954278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8f6c74e4eb6c602022-01-05 10:01:05.710root 11241100x80000000000000006954279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dc2123a40e9a4b2022-01-05 10:01:05.710root 11241100x80000000000000006954280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec44583e11efe9552022-01-05 10:01:05.710root 11241100x80000000000000006954281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a693812ee550d17b2022-01-05 10:01:05.710root 11241100x80000000000000006954282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22d95ff284304a02022-01-05 10:01:05.711root 11241100x80000000000000006954283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9f89064ab5fa302022-01-05 10:01:05.711root 11241100x80000000000000006954284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad86d3430294be572022-01-05 10:01:05.711root 11241100x80000000000000006954285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f67dfb10e347ec2022-01-05 10:01:05.711root 11241100x80000000000000006954286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87fe28f4aa4f61f2022-01-05 10:01:05.711root 354300x80000000000000006954287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.096{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41676-false10.0.1.12-8000- 11241100x80000000000000006954288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac5c7897bbe05862022-01-05 10:01:06.097root 11241100x80000000000000006954289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa00f9fe6efa3d682022-01-05 10:01:06.097root 11241100x80000000000000006954290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bb21382ac73e862022-01-05 10:01:06.097root 11241100x80000000000000006954291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6039f789932f7d92022-01-05 10:01:06.097root 11241100x80000000000000006954292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72825aca79c7f95d2022-01-05 10:01:06.097root 11241100x80000000000000006954293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c299cc64bbb2bb2022-01-05 10:01:06.097root 11241100x80000000000000006954294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed4951885b949c42022-01-05 10:01:06.097root 11241100x80000000000000006954295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbd84fee9b7b2952022-01-05 10:01:06.097root 11241100x80000000000000006954296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9050e1a27a92fda62022-01-05 10:01:06.098root 11241100x80000000000000006954297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74923bb31e1d409b2022-01-05 10:01:06.098root 11241100x80000000000000006954298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95102ff528a7e2742022-01-05 10:01:06.098root 11241100x80000000000000006954299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd7670d21dd90382022-01-05 10:01:06.098root 11241100x80000000000000006954300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a173d6d5a968d92022-01-05 10:01:06.098root 11241100x80000000000000006954301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea61f0eea775df152022-01-05 10:01:06.098root 11241100x80000000000000006954302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fa2e6df9e09fc12022-01-05 10:01:06.098root 11241100x80000000000000006954303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1e35928c1902902022-01-05 10:01:06.098root 11241100x80000000000000006954304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63fb367f522c6b22022-01-05 10:01:06.098root 11241100x80000000000000006954305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e795816afebe28f72022-01-05 10:01:06.098root 11241100x80000000000000006954306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0491819fe3214b52022-01-05 10:01:06.098root 11241100x80000000000000006954307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d829067f523ada382022-01-05 10:01:06.098root 11241100x80000000000000006954308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbafea6c66aa9b052022-01-05 10:01:06.098root 11241100x80000000000000006954309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699040efab921d3e2022-01-05 10:01:06.098root 11241100x80000000000000006954310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.099{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd64f5a081107322022-01-05 10:01:06.099root 11241100x80000000000000006954311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.099{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7625eb8abc854a012022-01-05 10:01:06.099root 11241100x80000000000000006954312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7324713e640638b32022-01-05 10:01:06.460root 11241100x80000000000000006954313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929c25514e36c45c2022-01-05 10:01:06.460root 11241100x80000000000000006954314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c88dbf11e3502172022-01-05 10:01:06.460root 11241100x80000000000000006954315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ce49b921c96b1f2022-01-05 10:01:06.460root 11241100x80000000000000006954316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133540da05ba150c2022-01-05 10:01:06.461root 11241100x80000000000000006954317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e0366e677fbb152022-01-05 10:01:06.461root 11241100x80000000000000006954318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bd75f3d67088df2022-01-05 10:01:06.461root 11241100x80000000000000006954319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce4988d6b246a942022-01-05 10:01:06.461root 11241100x80000000000000006954320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30110884ee08184b2022-01-05 10:01:06.462root 11241100x80000000000000006954321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bd1281631027562022-01-05 10:01:06.462root 11241100x80000000000000006954322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f651eaedeaa010b2022-01-05 10:01:06.462root 11241100x80000000000000006954323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3def29916b109f2022-01-05 10:01:06.462root 11241100x80000000000000006954324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752bc323452c18452022-01-05 10:01:06.462root 11241100x80000000000000006954325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef585a0efa47181c2022-01-05 10:01:06.463root 11241100x80000000000000006954326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5558057c73f763a2022-01-05 10:01:06.463root 11241100x80000000000000006954327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d4623091ec5c942022-01-05 10:01:06.463root 11241100x80000000000000006954328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b24d2e7f96f790e2022-01-05 10:01:06.463root 11241100x80000000000000006954329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66dc01606a31b0f2022-01-05 10:01:06.463root 11241100x80000000000000006954330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa8b051e54b1b682022-01-05 10:01:06.463root 11241100x80000000000000006954331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06206d460bc0fd8c2022-01-05 10:01:06.463root 11241100x80000000000000006954332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcb0eaf5ccb30542022-01-05 10:01:06.463root 11241100x80000000000000006954333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223d2351afd5f5c12022-01-05 10:01:06.463root 11241100x80000000000000006954334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8737b9319d3c2c642022-01-05 10:01:06.463root 11241100x80000000000000006954335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96cc5f0192cacad2022-01-05 10:01:06.463root 11241100x80000000000000006954336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017871f469db86eb2022-01-05 10:01:06.959root 11241100x80000000000000006954337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055bb2a7b07f21de2022-01-05 10:01:06.959root 11241100x80000000000000006954338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d12133c97a76ff2022-01-05 10:01:06.959root 11241100x80000000000000006954339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8308797af4032cb52022-01-05 10:01:06.959root 11241100x80000000000000006954340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82fbebb7addf3842022-01-05 10:01:06.959root 11241100x80000000000000006954341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4603bd8db8a22f712022-01-05 10:01:06.959root 11241100x80000000000000006954342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c56dc9904a87ca92022-01-05 10:01:06.959root 11241100x80000000000000006954343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d14b3fc242d8932022-01-05 10:01:06.959root 11241100x80000000000000006954344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52737ba4084406c2022-01-05 10:01:06.960root 11241100x80000000000000006954345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c2bceadcbcc4cd2022-01-05 10:01:06.960root 11241100x80000000000000006954346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4b8d3e287236672022-01-05 10:01:06.960root 11241100x80000000000000006954347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eab2d15eb1e5e522022-01-05 10:01:06.960root 11241100x80000000000000006954348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089edc62935937562022-01-05 10:01:06.960root 11241100x80000000000000006954349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd2fbc46a4b79342022-01-05 10:01:06.960root 11241100x80000000000000006954350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680938138d814be52022-01-05 10:01:06.960root 11241100x80000000000000006954351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a934d143e2608e32022-01-05 10:01:06.960root 11241100x80000000000000006954352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4350c77d5546e09d2022-01-05 10:01:06.960root 11241100x80000000000000006954353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1e0307da76192d2022-01-05 10:01:06.961root 11241100x80000000000000006954354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1da7926379ee1b2022-01-05 10:01:06.961root 11241100x80000000000000006954355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916a81c4aaae4b542022-01-05 10:01:06.961root 11241100x80000000000000006954356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc280380f32e40f2022-01-05 10:01:06.961root 11241100x80000000000000006954357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f344c3cc6dd1d92022-01-05 10:01:06.961root 11241100x80000000000000006954358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc01a98c76c0e0e12022-01-05 10:01:06.961root 11241100x80000000000000006954359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0827d7cfbea3cf472022-01-05 10:01:06.961root 11241100x80000000000000006954360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f00d777edf2f772022-01-05 10:01:06.961root 11241100x80000000000000006954361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bc2517f35d88542022-01-05 10:01:06.961root 11241100x80000000000000006954362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7d9353e1d062af2022-01-05 10:01:06.961root 11241100x80000000000000006954363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3876fb78cdacee72022-01-05 10:01:06.961root 11241100x80000000000000006954364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce77cc6451eb58b2022-01-05 10:01:06.961root 11241100x80000000000000006954365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224a71c214a929312022-01-05 10:01:06.962root 11241100x80000000000000006954366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e48b4b78ff565c2022-01-05 10:01:06.962root 11241100x80000000000000006954367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acb2c9af7d8d90b2022-01-05 10:01:06.962root 11241100x80000000000000006954368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2597e9d4cdb89432022-01-05 10:01:06.962root 11241100x80000000000000006954369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a263b0134b1db1d32022-01-05 10:01:06.962root 11241100x80000000000000006954370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d73dab462146ff12022-01-05 10:01:06.962root 11241100x80000000000000006954371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e7d914c345d8832022-01-05 10:01:06.962root 11241100x80000000000000006954372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b72e9a6cca059a2022-01-05 10:01:06.962root 11241100x80000000000000006954373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151f3d584f035da82022-01-05 10:01:06.962root 11241100x80000000000000006954374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c68edf03f6075a42022-01-05 10:01:06.962root 11241100x80000000000000006954375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b93d8f912a37e22022-01-05 10:01:06.962root 11241100x80000000000000006954376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74807ee05316fb72022-01-05 10:01:06.962root 11241100x80000000000000006954377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a2f0f4266aced32022-01-05 10:01:06.962root 11241100x80000000000000006954378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bce02b51450dfdd2022-01-05 10:01:07.459root 11241100x80000000000000006954379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a135b43a90e124b2022-01-05 10:01:07.459root 11241100x80000000000000006954380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200798ae53184b9b2022-01-05 10:01:07.460root 11241100x80000000000000006954381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6b8c09314a36872022-01-05 10:01:07.460root 11241100x80000000000000006954382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44aae6020ad850962022-01-05 10:01:07.460root 11241100x80000000000000006954383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71771d1360fa1b8b2022-01-05 10:01:07.460root 11241100x80000000000000006954384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66baac43ff5539e2022-01-05 10:01:07.460root 11241100x80000000000000006954385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3cc4a13a5eb6cf2022-01-05 10:01:07.460root 11241100x80000000000000006954386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b51eee7f0473bf92022-01-05 10:01:07.460root 11241100x80000000000000006954387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7224522655bdd1fe2022-01-05 10:01:07.460root 11241100x80000000000000006954388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90463dd85ca4c6d02022-01-05 10:01:07.460root 11241100x80000000000000006954389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50807fd2fd1338e2022-01-05 10:01:07.460root 11241100x80000000000000006954390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2060994795fb15262022-01-05 10:01:07.460root 11241100x80000000000000006954391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6534ba5794722d72022-01-05 10:01:07.460root 11241100x80000000000000006954392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e89767e34c6a3c52022-01-05 10:01:07.460root 11241100x80000000000000006954393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67770153074ae8fc2022-01-05 10:01:07.461root 11241100x80000000000000006954394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1255bffdbe930442022-01-05 10:01:07.461root 11241100x80000000000000006954395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33ebbe1ea7e94282022-01-05 10:01:07.461root 11241100x80000000000000006954396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be966032945d7d92022-01-05 10:01:07.461root 11241100x80000000000000006954397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f75db6f6ced31612022-01-05 10:01:07.461root 11241100x80000000000000006954398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1f510d0742d65d2022-01-05 10:01:07.461root 11241100x80000000000000006954399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003f3f9fa30c32982022-01-05 10:01:07.461root 11241100x80000000000000006954400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bccb3cbb376c7f2022-01-05 10:01:07.461root 11241100x80000000000000006954401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a16f683c4fedff2022-01-05 10:01:07.461root 11241100x80000000000000006954402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd460b66d258f9b2022-01-05 10:01:07.461root 11241100x80000000000000006954403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d094a563e0dae7e2022-01-05 10:01:07.959root 11241100x80000000000000006954404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574fea6501a8e9b42022-01-05 10:01:07.959root 11241100x80000000000000006954405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3488d2674931bf2022-01-05 10:01:07.959root 11241100x80000000000000006954406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a876787669d76c2022-01-05 10:01:07.960root 11241100x80000000000000006954407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ceb6b2271bacbac2022-01-05 10:01:07.960root 11241100x80000000000000006954408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd71169745f1dce2022-01-05 10:01:07.960root 11241100x80000000000000006954409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318abbfe8b22009b2022-01-05 10:01:07.960root 11241100x80000000000000006954410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14235c526afddfb32022-01-05 10:01:07.960root 11241100x80000000000000006954411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245e646d874ad2312022-01-05 10:01:07.960root 11241100x80000000000000006954412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3b657783952f182022-01-05 10:01:07.960root 11241100x80000000000000006954413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518ea9de4fef82f52022-01-05 10:01:07.960root 11241100x80000000000000006954414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a169a97bbe0797f2022-01-05 10:01:07.960root 11241100x80000000000000006954415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292326551c15f9602022-01-05 10:01:07.960root 11241100x80000000000000006954416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb58cad829f3c462022-01-05 10:01:07.960root 11241100x80000000000000006954417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22b3734791b58502022-01-05 10:01:07.960root 11241100x80000000000000006954418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249ac78097751e4a2022-01-05 10:01:07.961root 11241100x80000000000000006954419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c7fc73fb523f802022-01-05 10:01:07.961root 11241100x80000000000000006954420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f784c85089fb3172022-01-05 10:01:07.961root 11241100x80000000000000006954421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5e53a0cf8252992022-01-05 10:01:07.961root 11241100x80000000000000006954422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab81ca0387d326ba2022-01-05 10:01:07.961root 11241100x80000000000000006954423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947211ab241928a32022-01-05 10:01:07.961root 11241100x80000000000000006954424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ba4764fd59a6c02022-01-05 10:01:07.961root 11241100x80000000000000006954425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c42f144bee84712022-01-05 10:01:07.962root 11241100x80000000000000006954426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012b7c87ef8d91f62022-01-05 10:01:07.962root 11241100x80000000000000006954427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4074b18f42e9b72022-01-05 10:01:07.962root 11241100x80000000000000006954428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c64059ee9ebe5272022-01-05 10:01:08.460root 11241100x80000000000000006954429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c4ac1f0cf302d72022-01-05 10:01:08.460root 11241100x80000000000000006954430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313bd3213f9fc82f2022-01-05 10:01:08.460root 11241100x80000000000000006954431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5bf449c2c245322022-01-05 10:01:08.460root 11241100x80000000000000006954432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be51fbe567dd57862022-01-05 10:01:08.460root 11241100x80000000000000006954433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a21238ad8278c82022-01-05 10:01:08.460root 11241100x80000000000000006954434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e535aa82842e62f02022-01-05 10:01:08.460root 11241100x80000000000000006954435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55c380108c559602022-01-05 10:01:08.460root 11241100x80000000000000006954436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c514189bf2bc12da2022-01-05 10:01:08.460root 11241100x80000000000000006954437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d60e81b57fc07382022-01-05 10:01:08.461root 11241100x80000000000000006954438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b161684ecc22627a2022-01-05 10:01:08.461root 11241100x80000000000000006954439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6e19e55e1a01322022-01-05 10:01:08.461root 11241100x80000000000000006954440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf47878c518d0be52022-01-05 10:01:08.461root 11241100x80000000000000006954441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9abee1ae9326302022-01-05 10:01:08.461root 11241100x80000000000000006954442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65dd9952402d14c2022-01-05 10:01:08.461root 11241100x80000000000000006954443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2277ca928db6cd952022-01-05 10:01:08.461root 11241100x80000000000000006954444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f53aac005fa0712022-01-05 10:01:08.461root 11241100x80000000000000006954445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972b67b86a00e3c72022-01-05 10:01:08.461root 11241100x80000000000000006954446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bb23c81adacdf22022-01-05 10:01:08.461root 11241100x80000000000000006954447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a7717216efcd592022-01-05 10:01:08.461root 11241100x80000000000000006954448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301e86fb0460a0a32022-01-05 10:01:08.461root 11241100x80000000000000006954449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e38c3b1d9160142022-01-05 10:01:08.461root 11241100x80000000000000006954450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc81df4014a03552022-01-05 10:01:08.461root 11241100x80000000000000006954451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24040cc0644abf642022-01-05 10:01:08.461root 11241100x80000000000000006954452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693048f5e8a0f5e02022-01-05 10:01:08.959root 11241100x80000000000000006954453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd294d7c5a06ba8b2022-01-05 10:01:08.959root 11241100x80000000000000006954454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522d2beb8b98ebf62022-01-05 10:01:08.959root 11241100x80000000000000006954455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c0f5cb04fb1a382022-01-05 10:01:08.959root 11241100x80000000000000006954456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c13de3983abd3a2022-01-05 10:01:08.959root 11241100x80000000000000006954457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907277878596fce52022-01-05 10:01:08.959root 11241100x80000000000000006954458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a1d287d6b6ab162022-01-05 10:01:08.960root 11241100x80000000000000006954459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bafc2b2a5a712362022-01-05 10:01:08.960root 11241100x80000000000000006954460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22a996eb84aa6392022-01-05 10:01:08.960root 11241100x80000000000000006954461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c77769e8dc4db92022-01-05 10:01:08.960root 11241100x80000000000000006954462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdf3153d7dc7adc2022-01-05 10:01:08.960root 11241100x80000000000000006954463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d048d41083581d042022-01-05 10:01:08.960root 11241100x80000000000000006954464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9715b1b0eaef75952022-01-05 10:01:08.960root 11241100x80000000000000006954465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b10277a84a985df2022-01-05 10:01:08.960root 11241100x80000000000000006954466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6764a3dc37b739da2022-01-05 10:01:08.960root 11241100x80000000000000006954467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b901ab6a6c5029632022-01-05 10:01:08.960root 11241100x80000000000000006954468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682b69db729e37dd2022-01-05 10:01:08.960root 11241100x80000000000000006954469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4b944f6591631b2022-01-05 10:01:08.960root 11241100x80000000000000006954470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78b55ec6c82e8942022-01-05 10:01:08.960root 11241100x80000000000000006954471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7065dc0d91269b42022-01-05 10:01:08.961root 11241100x80000000000000006954472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66808114e4b54262022-01-05 10:01:08.961root 11241100x80000000000000006954473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e3a9ad9fa7ecef2022-01-05 10:01:08.961root 11241100x80000000000000006954474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a970dfaaedfee15a2022-01-05 10:01:08.961root 11241100x80000000000000006954475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b33ec0f5c3557c22022-01-05 10:01:08.961root 11241100x80000000000000006954476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b8559636410bae2022-01-05 10:01:08.961root 11241100x80000000000000006954477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea096b2d18b1d3772022-01-05 10:01:08.961root 11241100x80000000000000006954478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c515da96cfba112022-01-05 10:01:08.961root 11241100x80000000000000006954479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5f6e15516f93382022-01-05 10:01:08.961root 11241100x80000000000000006954480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a717f98f03e8a55a2022-01-05 10:01:08.961root 11241100x80000000000000006954481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4dce6b0d6ada432022-01-05 10:01:08.962root 11241100x80000000000000006954482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab64a7e96b9db6e2022-01-05 10:01:08.962root 11241100x80000000000000006954483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46432394f0c2c232022-01-05 10:01:08.962root 11241100x80000000000000006954484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5affb9956a7f752022-01-05 10:01:08.962root 11241100x80000000000000006954485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1981545cf033bcf72022-01-05 10:01:08.962root 11241100x80000000000000006954486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce1c942770793472022-01-05 10:01:08.962root 11241100x80000000000000006954487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56ea8824075e24d2022-01-05 10:01:08.962root 11241100x80000000000000006954488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d397e31da15d42b2022-01-05 10:01:08.962root 11241100x80000000000000006954489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e04c6840e32c91a2022-01-05 10:01:08.962root 11241100x80000000000000006954490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867f3e653d6a0fd52022-01-05 10:01:08.963root 11241100x80000000000000006954491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469319ae1b9f7a992022-01-05 10:01:08.963root 11241100x80000000000000006954492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60502c7bc887b32f2022-01-05 10:01:08.963root 11241100x80000000000000006954493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac41b9a7fb190bd02022-01-05 10:01:08.963root 11241100x80000000000000006954494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8113fa1c9fb868882022-01-05 10:01:08.963root 11241100x80000000000000006954495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e52e5696e211c52022-01-05 10:01:08.963root 11241100x80000000000000006954496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec3c3fecc96f4e02022-01-05 10:01:08.963root 11241100x80000000000000006954497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a36fe6de2b85642022-01-05 10:01:08.963root 11241100x80000000000000006954498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e3e139840968e42022-01-05 10:01:08.963root 11241100x80000000000000006954499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcc2c34d82967ff2022-01-05 10:01:08.963root 11241100x80000000000000006954500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cbd8c517e1f8012022-01-05 10:01:08.963root 11241100x80000000000000006954501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c02a986dc7d8012022-01-05 10:01:08.964root 11241100x80000000000000006954502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cb34f99f8e272d2022-01-05 10:01:08.964root 11241100x80000000000000006954503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2077008474041d462022-01-05 10:01:08.964root 11241100x80000000000000006954504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce08331889fa1dda2022-01-05 10:01:09.459root 11241100x80000000000000006954505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecda4558551a1be2022-01-05 10:01:09.459root 11241100x80000000000000006954506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6032d3da23029a2022-01-05 10:01:09.459root 11241100x80000000000000006954507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adab908eafff66bf2022-01-05 10:01:09.459root 11241100x80000000000000006954508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0708cf81456d3f62022-01-05 10:01:09.459root 11241100x80000000000000006954509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd15138305f45702022-01-05 10:01:09.459root 11241100x80000000000000006954510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6b55ae99bd61322022-01-05 10:01:09.460root 11241100x80000000000000006954511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76dda91377f5fbe2022-01-05 10:01:09.460root 11241100x80000000000000006954512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313933f7268c67ce2022-01-05 10:01:09.460root 11241100x80000000000000006954513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39d3158541caed32022-01-05 10:01:09.460root 11241100x80000000000000006954514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c3ba3d914e99902022-01-05 10:01:09.460root 11241100x80000000000000006954515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5baebd53bca681c2022-01-05 10:01:09.460root 11241100x80000000000000006954516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd3eb2b6e4a816e2022-01-05 10:01:09.460root 11241100x80000000000000006954517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158396d9fae32cab2022-01-05 10:01:09.461root 11241100x80000000000000006954518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c638b8fae1aca16a2022-01-05 10:01:09.461root 11241100x80000000000000006954519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08371733e1ab0732022-01-05 10:01:09.461root 11241100x80000000000000006954520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70baee7975c61c092022-01-05 10:01:09.461root 11241100x80000000000000006954521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390d3cb81abb3e5b2022-01-05 10:01:09.461root 11241100x80000000000000006954522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de71d6b7fd9b46d2022-01-05 10:01:09.461root 11241100x80000000000000006954523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56531ace3c5acae92022-01-05 10:01:09.461root 11241100x80000000000000006954524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f2141c55ca05902022-01-05 10:01:09.461root 11241100x80000000000000006954525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d434599fab11de2022-01-05 10:01:09.461root 11241100x80000000000000006954526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1c8aa2d083326a2022-01-05 10:01:09.461root 11241100x80000000000000006954527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c55b1eda3653af2022-01-05 10:01:09.462root 11241100x80000000000000006954528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463e785d97f906462022-01-05 10:01:09.462root 11241100x80000000000000006954529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1ae0536176ac512022-01-05 10:01:09.462root 11241100x80000000000000006954530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c650ac08b092672c2022-01-05 10:01:09.462root 11241100x80000000000000006954531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276f16df567568572022-01-05 10:01:09.959root 11241100x80000000000000006954532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaba5797104e9a972022-01-05 10:01:09.959root 11241100x80000000000000006954533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ce4faa5274274e2022-01-05 10:01:09.959root 11241100x80000000000000006954534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b67bc1f46805db12022-01-05 10:01:09.960root 11241100x80000000000000006954535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645d14704e9852532022-01-05 10:01:09.960root 11241100x80000000000000006954536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe979cfa94d70ce2022-01-05 10:01:09.960root 11241100x80000000000000006954537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8bfde4e0125a062022-01-05 10:01:09.960root 11241100x80000000000000006954538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146842a4e22a20932022-01-05 10:01:09.960root 11241100x80000000000000006954539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b35b8bdd4e8f5b2022-01-05 10:01:09.960root 11241100x80000000000000006954540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42b0713b56003472022-01-05 10:01:09.960root 11241100x80000000000000006954541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eceacaa908f90c02022-01-05 10:01:09.960root 11241100x80000000000000006954542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1422721a76f93c002022-01-05 10:01:09.960root 11241100x80000000000000006954543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f16ef0f8a8c7072022-01-05 10:01:09.960root 11241100x80000000000000006954544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12716369fedbb8602022-01-05 10:01:09.960root 11241100x80000000000000006954545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b551c74230740fdd2022-01-05 10:01:09.960root 11241100x80000000000000006954546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4d8e27da44cf8e2022-01-05 10:01:09.960root 11241100x80000000000000006954547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6426c965ebbc072022-01-05 10:01:09.960root 11241100x80000000000000006954548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1bb6f07a29c1912022-01-05 10:01:09.960root 11241100x80000000000000006954549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384a7409e73274502022-01-05 10:01:09.961root 11241100x80000000000000006954550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9925ebc1ba920a2022-01-05 10:01:09.961root 11241100x80000000000000006954551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd68f459f4fed5312022-01-05 10:01:09.961root 11241100x80000000000000006954552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a4d0b59f36d98b2022-01-05 10:01:09.961root 11241100x80000000000000006954553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e47713a66a7e8d2022-01-05 10:01:09.961root 11241100x80000000000000006954554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf1966c25dcada02022-01-05 10:01:09.961root 11241100x80000000000000006954555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4186e4531eeea09a2022-01-05 10:01:09.961root 11241100x80000000000000006954556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caca0344d89a672e2022-01-05 10:01:10.459root 11241100x80000000000000006954557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f739e8074259d5e52022-01-05 10:01:10.459root 11241100x80000000000000006954558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036a089b78b3d5522022-01-05 10:01:10.459root 11241100x80000000000000006954559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342ea17e33ca4a1a2022-01-05 10:01:10.459root 11241100x80000000000000006954560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a45d2006b3f74b2022-01-05 10:01:10.459root 11241100x80000000000000006954561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72c816d3b16e41c2022-01-05 10:01:10.459root 11241100x80000000000000006954562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b546562e8c707bd2022-01-05 10:01:10.460root 11241100x80000000000000006954563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df217283877746e2022-01-05 10:01:10.460root 11241100x80000000000000006954564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438c56e17a1ea65c2022-01-05 10:01:10.460root 11241100x80000000000000006954565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99b715eed8fe6fe2022-01-05 10:01:10.460root 11241100x80000000000000006954566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269db4e44af451de2022-01-05 10:01:10.460root 11241100x80000000000000006954567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e8707cc74194562022-01-05 10:01:10.460root 11241100x80000000000000006954568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec1e75dda0843452022-01-05 10:01:10.460root 11241100x80000000000000006954569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669950db0990b6fd2022-01-05 10:01:10.460root 11241100x80000000000000006954570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d8894b918e63fd2022-01-05 10:01:10.460root 11241100x80000000000000006954571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7325840526ec0aff2022-01-05 10:01:10.460root 11241100x80000000000000006954572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d313eaf26847002022-01-05 10:01:10.460root 11241100x80000000000000006954573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a82e00fcaa8d3e72022-01-05 10:01:10.460root 11241100x80000000000000006954574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48167f4b5039ac12022-01-05 10:01:10.460root 11241100x80000000000000006954575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac00db210ff2fbe82022-01-05 10:01:10.461root 11241100x80000000000000006954576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5dea68abfcc7102022-01-05 10:01:10.461root 11241100x80000000000000006954577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c74a6f9558296d02022-01-05 10:01:10.461root 11241100x80000000000000006954578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a59c6c24619eff62022-01-05 10:01:10.461root 11241100x80000000000000006954579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50af857c706007222022-01-05 10:01:10.461root 11241100x80000000000000006954580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd873cfda34e8902022-01-05 10:01:10.462root 11241100x80000000000000006954581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e507719c1958882022-01-05 10:01:10.462root 11241100x80000000000000006954582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a14866f899a46b82022-01-05 10:01:10.462root 11241100x80000000000000006954583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74eb71418a00e5e02022-01-05 10:01:10.462root 11241100x80000000000000006954584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff22b0de51f13c712022-01-05 10:01:10.462root 11241100x80000000000000006954585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b696ada0e6f66e2022-01-05 10:01:10.959root 11241100x80000000000000006954586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba52e092a784856e2022-01-05 10:01:10.959root 11241100x80000000000000006954587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dbc4da443bb8352022-01-05 10:01:10.959root 11241100x80000000000000006954588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db96b0b79e3b9602022-01-05 10:01:10.959root 11241100x80000000000000006954589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc4a0e3f75aa10e2022-01-05 10:01:10.959root 11241100x80000000000000006954590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a103c900673e973d2022-01-05 10:01:10.960root 11241100x80000000000000006954591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8647630350c901f2022-01-05 10:01:10.960root 11241100x80000000000000006954592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d9706f995b6a052022-01-05 10:01:10.960root 11241100x80000000000000006954593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b040118a6796442022-01-05 10:01:10.960root 11241100x80000000000000006954594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7987ccc8e0f1939e2022-01-05 10:01:10.960root 11241100x80000000000000006954595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f2837887951c3c2022-01-05 10:01:10.960root 11241100x80000000000000006954596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581ed80d410011022022-01-05 10:01:10.960root 11241100x80000000000000006954597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2548a8032dca76102022-01-05 10:01:10.961root 11241100x80000000000000006954598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c4f848018233952022-01-05 10:01:10.961root 11241100x80000000000000006954599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14dd6fd684e4ccfd2022-01-05 10:01:10.961root 11241100x80000000000000006954600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d409e67a4983f7fb2022-01-05 10:01:10.961root 11241100x80000000000000006954601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6723c584445f66802022-01-05 10:01:10.961root 11241100x80000000000000006954602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49960172a4b1d9c2022-01-05 10:01:10.961root 11241100x80000000000000006954603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4710da63d3c585db2022-01-05 10:01:10.961root 11241100x80000000000000006954604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be240fe3251d03c42022-01-05 10:01:10.961root 11241100x80000000000000006954605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a4923cef0f9df52022-01-05 10:01:10.961root 11241100x80000000000000006954606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a012828ea3f74ee2022-01-05 10:01:10.961root 11241100x80000000000000006954607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b193b6c6de4c34162022-01-05 10:01:10.962root 11241100x80000000000000006954608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21e8fea7969b8c02022-01-05 10:01:10.962root 11241100x80000000000000006954609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4276ef77fa697aa2022-01-05 10:01:10.962root 11241100x80000000000000006954610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5014c77d397386762022-01-05 10:01:10.962root 11241100x80000000000000006954611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0907b4e10be875c62022-01-05 10:01:10.962root 11241100x80000000000000006954612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7fb6456e4ef8ce2022-01-05 10:01:10.962root 11241100x80000000000000006954613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bea59e3cce3e422022-01-05 10:01:10.962root 11241100x80000000000000006954614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce987d3c9e7224bd2022-01-05 10:01:10.962root 11241100x80000000000000006954615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847824b2c60ccc572022-01-05 10:01:10.962root 11241100x80000000000000006954616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d2eed16d7198c02022-01-05 10:01:10.962root 11241100x80000000000000006954617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d957b5971fe544682022-01-05 10:01:10.962root 11241100x80000000000000006954618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b935ae0044a62f2022-01-05 10:01:10.962root 11241100x80000000000000006954619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d87c1e39317eb52022-01-05 10:01:10.963root 11241100x80000000000000006954620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e9f84fcc1a555a2022-01-05 10:01:10.963root 11241100x80000000000000006954621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ed12acab6ac2bb2022-01-05 10:01:10.963root 11241100x80000000000000006954622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c5f4c4ffb71cd52022-01-05 10:01:10.963root 11241100x80000000000000006954623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ecb01200f05db82022-01-05 10:01:10.963root 11241100x80000000000000006954624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbd64e0cdfe98122022-01-05 10:01:10.963root 11241100x80000000000000006954625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2a139621ba362d2022-01-05 10:01:10.963root 11241100x80000000000000006954626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf55b579a73b050e2022-01-05 10:01:10.963root 11241100x80000000000000006954627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a4e6c8a98867e92022-01-05 10:01:10.963root 11241100x80000000000000006954628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3935cebbacf50a2022-01-05 10:01:10.963root 11241100x80000000000000006954629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb9ca63c1c48fa42022-01-05 10:01:10.963root 11241100x80000000000000006954630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20a85ba8b303a8c2022-01-05 10:01:10.963root 11241100x80000000000000006954631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4adeb4547a8e6e02022-01-05 10:01:10.964root 11241100x80000000000000006954632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391735cb734bac2b2022-01-05 10:01:10.964root 11241100x80000000000000006954633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5f3cd22d83fa092022-01-05 10:01:10.964root 11241100x80000000000000006954634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcc1fe4df7713722022-01-05 10:01:10.964root 11241100x80000000000000006954635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7870626b204cb4c22022-01-05 10:01:10.964root 11241100x80000000000000006954636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35df82441ff65f112022-01-05 10:01:10.964root 11241100x80000000000000006954637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356e11d9cb64553f2022-01-05 10:01:10.964root 11241100x80000000000000006954638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6d371a4189f88c2022-01-05 10:01:10.964root 11241100x80000000000000006954639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8c8ca1a4b07f9c2022-01-05 10:01:10.964root 11241100x80000000000000006954640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f09f87e481331d52022-01-05 10:01:10.964root 11241100x80000000000000006954641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b53f556546b48112022-01-05 10:01:10.964root 11241100x80000000000000006954642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4da79d2febc61f2022-01-05 10:01:10.964root 11241100x80000000000000006954643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afb6b9d798b0fa12022-01-05 10:01:10.965root 11241100x80000000000000006954644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc209954f58e35e2022-01-05 10:01:10.965root 11241100x80000000000000006954645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93af83d305d12dea2022-01-05 10:01:10.965root 11241100x80000000000000006954646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1decb7b8367d17c02022-01-05 10:01:10.965root 11241100x80000000000000006954647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e65296fe4c58c72022-01-05 10:01:10.965root 11241100x80000000000000006954648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc67c85df4d68002022-01-05 10:01:10.965root 11241100x80000000000000006954649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fc298cd2bbfdde2022-01-05 10:01:10.965root 11241100x80000000000000006954650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068ef292e9d0b8902022-01-05 10:01:10.965root 11241100x80000000000000006954651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639a57368e623adf2022-01-05 10:01:10.966root 11241100x80000000000000006954652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45334077007ded12022-01-05 10:01:10.966root 11241100x80000000000000006954653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1b6f737ef753042022-01-05 10:01:10.967root 11241100x80000000000000006954654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3bd8028c43e0e42022-01-05 10:01:10.967root 11241100x80000000000000006954655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164e0d01d5f16a152022-01-05 10:01:10.967root 11241100x80000000000000006954656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9405596aa4a4fdd02022-01-05 10:01:10.967root 11241100x80000000000000006954657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d486cf2f4b19c8692022-01-05 10:01:10.967root 11241100x80000000000000006954658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68e9e71b63cf2ad2022-01-05 10:01:10.967root 11241100x80000000000000006954659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badd9294ced23dc32022-01-05 10:01:10.967root 11241100x80000000000000006954660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c0ebde885e3f262022-01-05 10:01:10.967root 11241100x80000000000000006954661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a704677e116bb4472022-01-05 10:01:10.967root 11241100x80000000000000006954662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f30faf715ae8442022-01-05 10:01:10.967root 11241100x80000000000000006954663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361c9bc5be1cf09d2022-01-05 10:01:10.967root 11241100x80000000000000006954664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d5bee7e85be2212022-01-05 10:01:10.971root 11241100x80000000000000006954665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72134ae1aa9ef7ed2022-01-05 10:01:10.971root 11241100x80000000000000006954666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816c78ef3580ca9a2022-01-05 10:01:10.971root 11241100x80000000000000006954667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030f38af9cfea7762022-01-05 10:01:10.971root 11241100x80000000000000006954668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41933074c94726ce2022-01-05 10:01:10.971root 11241100x80000000000000006954669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadb82e9212ef77c2022-01-05 10:01:10.971root 11241100x80000000000000006954670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3174a6080a30ed2022-01-05 10:01:10.971root 11241100x80000000000000006954671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaedc6a461a9d17d2022-01-05 10:01:10.972root 11241100x80000000000000006954672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f8d765866027932022-01-05 10:01:10.972root 11241100x80000000000000006954673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeea26eaf10b9c652022-01-05 10:01:10.973root 11241100x80000000000000006954674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99167ab0f506bb22022-01-05 10:01:10.973root 11241100x80000000000000006954675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee88a5d334fd382c2022-01-05 10:01:10.973root 11241100x80000000000000006954676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d42b556988b98132022-01-05 10:01:10.973root 11241100x80000000000000006954677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba9a71859464c6d2022-01-05 10:01:10.973root 11241100x80000000000000006954678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04cbb3439d01bab2022-01-05 10:01:10.974root 11241100x80000000000000006954679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.976{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba77b18e71c3f632022-01-05 10:01:10.976root 11241100x80000000000000006954680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.976{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de4137211c49eaa2022-01-05 10:01:10.976root 11241100x80000000000000006954681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.976{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07aa234c07dfa6fa2022-01-05 10:01:10.976root 11241100x80000000000000006954682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.978{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0b886c28e4706e2022-01-05 10:01:10.978root 11241100x80000000000000006954683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205b394b22557c1c2022-01-05 10:01:10.979root 11241100x80000000000000006954684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524756469533d5a72022-01-05 10:01:10.979root 11241100x80000000000000006954685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce0178ee37a26722022-01-05 10:01:10.979root 11241100x80000000000000006954686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47639b0774613be72022-01-05 10:01:10.979root 11241100x80000000000000006954687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb6a5f46c1349ad2022-01-05 10:01:10.979root 11241100x80000000000000006954688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7134889b6f211712022-01-05 10:01:10.979root 11241100x80000000000000006954689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730d095019405feb2022-01-05 10:01:10.979root 11241100x80000000000000006954690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bff8785899170e2022-01-05 10:01:10.979root 11241100x80000000000000006954691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.980{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939f170b324582502022-01-05 10:01:10.980root 11241100x80000000000000006954692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.980{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d466188942f0ba2022-01-05 10:01:10.980root 11241100x80000000000000006954693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.980{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827c1320abb4f8612022-01-05 10:01:10.980root 11241100x80000000000000006954694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.980{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f400f975cd9278b2022-01-05 10:01:10.980root 11241100x80000000000000006954695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.980{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122ed46099ac378d2022-01-05 10:01:10.980root 11241100x80000000000000006954696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.980{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd41d309c2a5164b2022-01-05 10:01:10.980root 11241100x80000000000000006954697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.981{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78ec0bc60ee71e32022-01-05 10:01:10.981root 11241100x80000000000000006954698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.981{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79963c7133697ed92022-01-05 10:01:10.981root 11241100x80000000000000006954699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.981{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9fce167daf70a42022-01-05 10:01:10.981root 11241100x80000000000000006954700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.981{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fbe9de6c72e9982022-01-05 10:01:10.981root 11241100x80000000000000006954701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.981{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801572ea8b525c0c2022-01-05 10:01:10.981root 11241100x80000000000000006954702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.981{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f53ea3b3cef6dbb2022-01-05 10:01:10.981root 11241100x80000000000000006954703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.981{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7774a678102f1ee62022-01-05 10:01:10.981root 11241100x80000000000000006954704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.982{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daddf5a969bbff942022-01-05 10:01:10.982root 11241100x80000000000000006954705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.982{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76ad5fcac4fceb12022-01-05 10:01:10.982root 354300x80000000000000006954706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.230{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41678-false10.0.1.12-8000- 11241100x80000000000000006954707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c72b545646b435c2022-01-05 10:01:11.231root 11241100x80000000000000006954708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6161e7e5b33e6b902022-01-05 10:01:11.231root 11241100x80000000000000006954709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23de703f0bd7f7762022-01-05 10:01:11.231root 11241100x80000000000000006954710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40530e90da3fce6c2022-01-05 10:01:11.231root 11241100x80000000000000006954711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc4f26d34f0d3592022-01-05 10:01:11.231root 11241100x80000000000000006954712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859cfff03d3b59b32022-01-05 10:01:11.231root 11241100x80000000000000006954713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050c031bb410b0a92022-01-05 10:01:11.231root 11241100x80000000000000006954714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca5f66552e4076c2022-01-05 10:01:11.231root 11241100x80000000000000006954715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee461c57c56728962022-01-05 10:01:11.232root 11241100x80000000000000006954716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd15e85dc33af992022-01-05 10:01:11.232root 11241100x80000000000000006954717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f9343aeaa3a3752022-01-05 10:01:11.232root 11241100x80000000000000006954718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2dcfb1a22a22a22022-01-05 10:01:11.232root 11241100x80000000000000006954719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff58e1c09343e6a42022-01-05 10:01:11.232root 11241100x80000000000000006954720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0895c3f25dd0622022-01-05 10:01:11.232root 11241100x80000000000000006954721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbf7a424ac2eea02022-01-05 10:01:11.232root 11241100x80000000000000006954722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b809545a4a5d2122022-01-05 10:01:11.232root 11241100x80000000000000006954723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34850594ab3cf0652022-01-05 10:01:11.233root 11241100x80000000000000006954724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8739bb843049f7422022-01-05 10:01:11.233root 11241100x80000000000000006954725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb522e5ee8aca602022-01-05 10:01:11.233root 11241100x80000000000000006954726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0813b29b3eb3c0592022-01-05 10:01:11.233root 11241100x80000000000000006954727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4021c374437806ce2022-01-05 10:01:11.233root 11241100x80000000000000006954728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0bce0408c0df652022-01-05 10:01:11.234root 11241100x80000000000000006954729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781924e8c606d6b62022-01-05 10:01:11.234root 11241100x80000000000000006954730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60776ee834ddf762022-01-05 10:01:11.234root 11241100x80000000000000006954731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ead668ff2725dc2022-01-05 10:01:11.235root 11241100x80000000000000006954732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebd89c2ff5117672022-01-05 10:01:11.235root 11241100x80000000000000006954733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a7c52792c7ccb72022-01-05 10:01:11.235root 11241100x80000000000000006954734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7f5325d865fcc12022-01-05 10:01:11.235root 11241100x80000000000000006954735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb5af4837163e562022-01-05 10:01:11.235root 11241100x80000000000000006954736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721f6d024b7cd5e12022-01-05 10:01:11.235root 11241100x80000000000000006954737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd0d4712829a5432022-01-05 10:01:11.236root 11241100x80000000000000006954738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e1ea817aaed9b52022-01-05 10:01:11.236root 11241100x80000000000000006954739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074215261a9f9ae22022-01-05 10:01:11.236root 11241100x80000000000000006954740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81931d69fbf9723d2022-01-05 10:01:11.710root 11241100x80000000000000006954741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7258a3bc00d0f6c22022-01-05 10:01:11.710root 11241100x80000000000000006954742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc84a1c0234752f2022-01-05 10:01:11.710root 11241100x80000000000000006954743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08981c04203153aa2022-01-05 10:01:11.710root 11241100x80000000000000006954744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49a43f92f634ed22022-01-05 10:01:11.710root 11241100x80000000000000006954745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdf3da2cfae02f22022-01-05 10:01:11.710root 11241100x80000000000000006954746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff82ef434ed56d92022-01-05 10:01:11.710root 11241100x80000000000000006954747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f195e402b60386ed2022-01-05 10:01:11.710root 11241100x80000000000000006954748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d1616451aa0f702022-01-05 10:01:11.710root 11241100x80000000000000006954749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6262ec05e326e2b92022-01-05 10:01:11.710root 11241100x80000000000000006954750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933601cf7580841c2022-01-05 10:01:11.710root 11241100x80000000000000006954751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c844de41aa09b3c62022-01-05 10:01:11.710root 11241100x80000000000000006954752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31a9acff948b1912022-01-05 10:01:11.710root 11241100x80000000000000006954753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c559fefa311362282022-01-05 10:01:11.711root 11241100x80000000000000006954754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09710ee7f5b84c372022-01-05 10:01:11.711root 11241100x80000000000000006954755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b50e1e64905059c2022-01-05 10:01:11.711root 11241100x80000000000000006954756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede25148b10a44232022-01-05 10:01:11.711root 11241100x80000000000000006954757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d786d29173ca02582022-01-05 10:01:11.711root 11241100x80000000000000006954758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd663a9fec6045172022-01-05 10:01:11.711root 11241100x80000000000000006954759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd7fc0115bd74472022-01-05 10:01:11.711root 11241100x80000000000000006954760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0cc0afb8eb42812022-01-05 10:01:11.711root 11241100x80000000000000006954761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bde9963bc6b26e2022-01-05 10:01:11.711root 11241100x80000000000000006954762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d83d8aaf47a2202022-01-05 10:01:11.711root 11241100x80000000000000006954763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88192db8727750cc2022-01-05 10:01:11.711root 11241100x80000000000000006954764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f34c5621c8d7ba62022-01-05 10:01:11.711root 11241100x80000000000000006954765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf6cff607e0a9e82022-01-05 10:01:12.210root 11241100x80000000000000006954766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abb4a68025293f32022-01-05 10:01:12.210root 11241100x80000000000000006954767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d304ea735f995b02022-01-05 10:01:12.210root 11241100x80000000000000006954768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12a1f87862ef8422022-01-05 10:01:12.210root 11241100x80000000000000006954769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b2e7f958b34ef12022-01-05 10:01:12.211root 11241100x80000000000000006954770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4d43636901da3f2022-01-05 10:01:12.211root 11241100x80000000000000006954771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85699030375acd22022-01-05 10:01:12.211root 11241100x80000000000000006954772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc53d55b31dd30482022-01-05 10:01:12.211root 11241100x80000000000000006954773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3eff489a932d3f2022-01-05 10:01:12.211root 11241100x80000000000000006954774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a23b7122c4400e2022-01-05 10:01:12.211root 11241100x80000000000000006954775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b2d25c676c3e972022-01-05 10:01:12.211root 11241100x80000000000000006954776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b685bd4d8f8d85c2022-01-05 10:01:12.211root 11241100x80000000000000006954777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbea44904147ff72022-01-05 10:01:12.211root 11241100x80000000000000006954778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52c988ea6b5b4222022-01-05 10:01:12.211root 11241100x80000000000000006954779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731f4f777091f77c2022-01-05 10:01:12.211root 11241100x80000000000000006954780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80d99bdeca00f752022-01-05 10:01:12.212root 11241100x80000000000000006954781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b2c839557dc3c72022-01-05 10:01:12.212root 11241100x80000000000000006954782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c0b8d24dde5aee2022-01-05 10:01:12.212root 11241100x80000000000000006954783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d9692f079a0a1f2022-01-05 10:01:12.212root 11241100x80000000000000006954784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c72351bb74cadf72022-01-05 10:01:12.212root 11241100x80000000000000006954785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886a305b9f940e522022-01-05 10:01:12.212root 11241100x80000000000000006954786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c312c9fdcf98442022-01-05 10:01:12.212root 11241100x80000000000000006954787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a892c6c0aa29ba82022-01-05 10:01:12.212root 11241100x80000000000000006954788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1c8bc93ed061e32022-01-05 10:01:12.212root 11241100x80000000000000006954789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e7d2337b4ad0d82022-01-05 10:01:12.212root 11241100x80000000000000006954790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f65cd6fe501fbd62022-01-05 10:01:12.709root 11241100x80000000000000006954791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddb7f06f43750b22022-01-05 10:01:12.709root 11241100x80000000000000006954792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75f42800e8fb63f2022-01-05 10:01:12.709root 11241100x80000000000000006954793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30741c028d51cca12022-01-05 10:01:12.709root 11241100x80000000000000006954794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c898f195cbb78f0f2022-01-05 10:01:12.709root 11241100x80000000000000006954795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0fcc35151ed7952022-01-05 10:01:12.709root 11241100x80000000000000006954796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382c2a46ca85428e2022-01-05 10:01:12.710root 11241100x80000000000000006954797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dadb69d82e4703e2022-01-05 10:01:12.710root 11241100x80000000000000006954798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f0e0425f402e872022-01-05 10:01:12.710root 11241100x80000000000000006954799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ebb5ca5f10fbdb2022-01-05 10:01:12.710root 11241100x80000000000000006954800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e8a955819162b92022-01-05 10:01:12.710root 11241100x80000000000000006954801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0557c5679d03c22022-01-05 10:01:12.710root 11241100x80000000000000006954802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3ca3e5db0cd2202022-01-05 10:01:12.710root 11241100x80000000000000006954803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9166447baf5bdcf02022-01-05 10:01:12.710root 11241100x80000000000000006954804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65c1399664b0f8b2022-01-05 10:01:12.710root 11241100x80000000000000006954805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15087aad6df9e3782022-01-05 10:01:12.710root 11241100x80000000000000006954806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5aaf48c30c318cd2022-01-05 10:01:12.710root 11241100x80000000000000006954807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133c6908584cfab02022-01-05 10:01:12.712root 11241100x80000000000000006954808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cb544f8e0f69892022-01-05 10:01:12.712root 11241100x80000000000000006954809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2a482c096fac702022-01-05 10:01:12.712root 11241100x80000000000000006954810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a7c1f0c97c5a1d2022-01-05 10:01:12.712root 11241100x80000000000000006954811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e1a327d6fa2d012022-01-05 10:01:12.713root 11241100x80000000000000006954812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c372c68d00c31832022-01-05 10:01:12.713root 11241100x80000000000000006954813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01fe15db63ad23c2022-01-05 10:01:12.713root 11241100x80000000000000006954814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6d30038250ef522022-01-05 10:01:12.713root 11241100x80000000000000006954815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb890ba9be28a282022-01-05 10:01:12.713root 11241100x80000000000000006954816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501f5c7a27238e192022-01-05 10:01:12.713root 11241100x80000000000000006954817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff40af4bc6309322022-01-05 10:01:12.713root 11241100x80000000000000006954818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7450b7403af972342022-01-05 10:01:12.713root 11241100x80000000000000006954819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95067731f09c1772022-01-05 10:01:13.209root 11241100x80000000000000006954820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f93b1d82742fb32022-01-05 10:01:13.209root 11241100x80000000000000006954821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdb5028087a63c02022-01-05 10:01:13.210root 11241100x80000000000000006954822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc8a6c4348ceb822022-01-05 10:01:13.210root 11241100x80000000000000006954823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eae13a0645368782022-01-05 10:01:13.210root 11241100x80000000000000006954824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a7e6b5935e32222022-01-05 10:01:13.210root 11241100x80000000000000006954825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11396ae589438e72022-01-05 10:01:13.210root 11241100x80000000000000006954826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fd1bcbfc473e342022-01-05 10:01:13.210root 11241100x80000000000000006954827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272a262f0bb3a6ed2022-01-05 10:01:13.210root 11241100x80000000000000006954828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105dc40622d915582022-01-05 10:01:13.210root 11241100x80000000000000006954829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44223d62831c52692022-01-05 10:01:13.210root 11241100x80000000000000006954830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536804f1a50b41f32022-01-05 10:01:13.210root 11241100x80000000000000006954831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5ddaea5d2796f92022-01-05 10:01:13.210root 11241100x80000000000000006954832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1890e4a3e1bef02022-01-05 10:01:13.210root 11241100x80000000000000006954833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c5007900bb2b262022-01-05 10:01:13.210root 11241100x80000000000000006954834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9a088149e9c02f2022-01-05 10:01:13.210root 11241100x80000000000000006954835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0446fedc16992bcb2022-01-05 10:01:13.211root 11241100x80000000000000006954836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f086050b1437842022-01-05 10:01:13.211root 11241100x80000000000000006954837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a2a1d18d7ee92d2022-01-05 10:01:13.211root 11241100x80000000000000006954838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891290b5bdc48dd12022-01-05 10:01:13.211root 11241100x80000000000000006954839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fe1c6024baefac2022-01-05 10:01:13.211root 11241100x80000000000000006954840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37b44648cccedf02022-01-05 10:01:13.211root 11241100x80000000000000006954841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09860ba9ce00930f2022-01-05 10:01:13.211root 11241100x80000000000000006954842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5141f4bf8462f612022-01-05 10:01:13.211root 11241100x80000000000000006954843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cdc2bce25c3b002022-01-05 10:01:13.211root 11241100x80000000000000006954844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c41ebc2bec9944f2022-01-05 10:01:13.211root 11241100x80000000000000006954845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323d55ea3e88d1902022-01-05 10:01:13.211root 11241100x80000000000000006954846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4b4e1ca1fd03862022-01-05 10:01:13.709root 11241100x80000000000000006954847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40875bd6cdd1bb0a2022-01-05 10:01:13.709root 11241100x80000000000000006954848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f5f184266189eb2022-01-05 10:01:13.709root 11241100x80000000000000006954849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b6ebc25fda449c2022-01-05 10:01:13.709root 11241100x80000000000000006954850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd6331dc6e7d6f12022-01-05 10:01:13.709root 11241100x80000000000000006954851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f70f0e11eb2b74d2022-01-05 10:01:13.710root 11241100x80000000000000006954852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5405c99a7446ef2022-01-05 10:01:13.710root 11241100x80000000000000006954853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5821f60843f0ffa12022-01-05 10:01:13.710root 11241100x80000000000000006954854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db8d6162ed96c372022-01-05 10:01:13.710root 11241100x80000000000000006954855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f322e9300f25ff912022-01-05 10:01:13.710root 11241100x80000000000000006954856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb06e395bffb34e92022-01-05 10:01:13.710root 11241100x80000000000000006954857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9b743930f657862022-01-05 10:01:13.710root 11241100x80000000000000006954858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776ff243752e20d02022-01-05 10:01:13.710root 11241100x80000000000000006954859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a53742f2e3346ce2022-01-05 10:01:13.710root 11241100x80000000000000006954860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a89cbe8311c600c2022-01-05 10:01:13.710root 11241100x80000000000000006954861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a7b84380a58aa12022-01-05 10:01:13.710root 11241100x80000000000000006954862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701216e0434d6e212022-01-05 10:01:13.710root 11241100x80000000000000006954863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066238b3e17907892022-01-05 10:01:13.710root 11241100x80000000000000006954864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ecb49c4b0a120b2022-01-05 10:01:13.710root 11241100x80000000000000006954865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6da349908ed3312022-01-05 10:01:13.710root 11241100x80000000000000006954866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4905c79f9e303e712022-01-05 10:01:13.711root 11241100x80000000000000006954867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e83660b754fa412022-01-05 10:01:13.711root 11241100x80000000000000006954868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a0105d7fa048502022-01-05 10:01:13.711root 11241100x80000000000000006954869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d37e16a02097f92022-01-05 10:01:13.711root 11241100x80000000000000006954870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691751a6161f33792022-01-05 10:01:13.711root 11241100x80000000000000006954871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6561477a4bd5e4412022-01-05 10:01:13.711root 11241100x80000000000000006954872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d36de0451dff452022-01-05 10:01:13.711root 11241100x80000000000000006954873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7c0706e1a646f12022-01-05 10:01:13.711root 11241100x80000000000000006954874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd537fc8af51c4f2022-01-05 10:01:13.711root 11241100x80000000000000006954875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1891b4d22f314e2022-01-05 10:01:13.711root 11241100x80000000000000006954876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045545f07a5bc2062022-01-05 10:01:14.209root 11241100x80000000000000006954877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8914df9b24c009a72022-01-05 10:01:14.210root 11241100x80000000000000006954878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822bc3d53dcd1bf02022-01-05 10:01:14.210root 11241100x80000000000000006954879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaac0eee9f65bcd2022-01-05 10:01:14.210root 11241100x80000000000000006954880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032fb130c22c2df92022-01-05 10:01:14.210root 11241100x80000000000000006954881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5e0e591e21392c2022-01-05 10:01:14.210root 11241100x80000000000000006954882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd9d4688c5beae62022-01-05 10:01:14.210root 11241100x80000000000000006954883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ee4a41f6e4b3022022-01-05 10:01:14.211root 11241100x80000000000000006954884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d015cb50d0e2f52022-01-05 10:01:14.211root 11241100x80000000000000006954885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70bbdbfb93296602022-01-05 10:01:14.211root 11241100x80000000000000006954886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df86ab2b0d460892022-01-05 10:01:14.211root 11241100x80000000000000006954887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72bb7b89c381c6c2022-01-05 10:01:14.211root 11241100x80000000000000006954888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601af0bb916af9992022-01-05 10:01:14.211root 11241100x80000000000000006954889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971609fb0ea066dd2022-01-05 10:01:14.212root 11241100x80000000000000006954890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcac3b87f90857d2022-01-05 10:01:14.212root 11241100x80000000000000006954891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0aa34bda4412642022-01-05 10:01:14.212root 11241100x80000000000000006954892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8c19fff9096a762022-01-05 10:01:14.212root 11241100x80000000000000006954893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8295d2c897dfd72022-01-05 10:01:14.212root 11241100x80000000000000006954894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a207d6811411932022-01-05 10:01:14.212root 11241100x80000000000000006954895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297e14d11b8fcce92022-01-05 10:01:14.212root 11241100x80000000000000006954896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e06137beb39a902022-01-05 10:01:14.212root 11241100x80000000000000006954897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded555a2a85df32b2022-01-05 10:01:14.212root 11241100x80000000000000006954898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf0c68cbf806d162022-01-05 10:01:14.212root 11241100x80000000000000006954899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bb752011cb8da02022-01-05 10:01:14.213root 11241100x80000000000000006954900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ec29822a9258c72022-01-05 10:01:14.213root 11241100x80000000000000006954901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69d38546de55e7e2022-01-05 10:01:14.213root 11241100x80000000000000006954902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51743c6090dac992022-01-05 10:01:14.709root 11241100x80000000000000006954903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02f1ba656f56c9b2022-01-05 10:01:14.709root 11241100x80000000000000006954904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcea77977be3d16e2022-01-05 10:01:14.710root 11241100x80000000000000006954905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449a1f9a3da9a5dc2022-01-05 10:01:14.710root 11241100x80000000000000006954906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69647753f341b3d52022-01-05 10:01:14.710root 11241100x80000000000000006954907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca988d6a8ba655272022-01-05 10:01:14.710root 11241100x80000000000000006954908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6156ac5527ab957a2022-01-05 10:01:14.710root 11241100x80000000000000006954909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285bde7cef3230df2022-01-05 10:01:14.710root 11241100x80000000000000006954910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f58bb130c572f82022-01-05 10:01:14.710root 11241100x80000000000000006954911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978824eb8d9cd5bb2022-01-05 10:01:14.710root 11241100x80000000000000006954912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad8031f10a95c012022-01-05 10:01:14.710root 11241100x80000000000000006954913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7ff8ad0c2167852022-01-05 10:01:14.710root 11241100x80000000000000006954914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee66ac560a3c8732022-01-05 10:01:14.711root 11241100x80000000000000006954915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01fb24761480afc2022-01-05 10:01:14.711root 11241100x80000000000000006954916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62811051977c16232022-01-05 10:01:14.711root 11241100x80000000000000006954917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ac4150135f6f1c2022-01-05 10:01:14.711root 11241100x80000000000000006954918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b1a2eadc01000f2022-01-05 10:01:14.711root 11241100x80000000000000006954919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1290e193423bfd2022-01-05 10:01:14.711root 11241100x80000000000000006954920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc572fd45c021aa2022-01-05 10:01:14.711root 11241100x80000000000000006954921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753e08c3c628743f2022-01-05 10:01:14.712root 11241100x80000000000000006954922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5156805ca4994bd02022-01-05 10:01:14.712root 11241100x80000000000000006954923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f2322187d16d872022-01-05 10:01:14.712root 11241100x80000000000000006954924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bc07d7b445cdf82022-01-05 10:01:14.712root 11241100x80000000000000006954925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a169f77dfd4257a2022-01-05 10:01:14.712root 11241100x80000000000000006954926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35b71265f1b3a402022-01-05 10:01:14.712root 11241100x80000000000000006954927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba952a24168dc332022-01-05 10:01:14.712root 11241100x80000000000000006954928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872f50e1eb2ed4bf2022-01-05 10:01:14.712root 11241100x80000000000000006954929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69948abbbc51f352022-01-05 10:01:14.712root 11241100x80000000000000006954930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ef36e5777204aa2022-01-05 10:01:15.209root 11241100x80000000000000006954931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b8aa58a5f730ad2022-01-05 10:01:15.209root 11241100x80000000000000006954932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51f7fc031b59a6f2022-01-05 10:01:15.210root 11241100x80000000000000006954933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacd3e651d808e4b2022-01-05 10:01:15.210root 11241100x80000000000000006954934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0aec6b8a51a3e72022-01-05 10:01:15.210root 11241100x80000000000000006954935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3473c16d5f403c62022-01-05 10:01:15.210root 11241100x80000000000000006954936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7f01553a02a4872022-01-05 10:01:15.210root 11241100x80000000000000006954937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4479a8db236575ea2022-01-05 10:01:15.210root 11241100x80000000000000006954938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416ee1df54b80c042022-01-05 10:01:15.210root 11241100x80000000000000006954939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67036773c13f838b2022-01-05 10:01:15.211root 11241100x80000000000000006954940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295783b29331a7312022-01-05 10:01:15.211root 11241100x80000000000000006954941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bdab88d11248e02022-01-05 10:01:15.211root 11241100x80000000000000006954942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f2045e417982932022-01-05 10:01:15.212root 11241100x80000000000000006954943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08039b75ef315b3b2022-01-05 10:01:15.212root 11241100x80000000000000006954944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b71d045dca21d02022-01-05 10:01:15.212root 11241100x80000000000000006954945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190e97343ca30a9f2022-01-05 10:01:15.212root 11241100x80000000000000006954946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c84b7b270e3f202022-01-05 10:01:15.212root 11241100x80000000000000006954947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bdaa96adc91bd12022-01-05 10:01:15.213root 11241100x80000000000000006954948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06198b9e7327bee22022-01-05 10:01:15.213root 11241100x80000000000000006954949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae2c6f8a914ec6e2022-01-05 10:01:15.213root 11241100x80000000000000006954950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16076279544a65a2022-01-05 10:01:15.213root 11241100x80000000000000006954951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfa7c861e15f4f62022-01-05 10:01:15.213root 11241100x80000000000000006954952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255e516a22530fe72022-01-05 10:01:15.213root 11241100x80000000000000006954953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867244a01a3bbe1c2022-01-05 10:01:15.213root 11241100x80000000000000006954954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a566081b2f1806802022-01-05 10:01:15.213root 11241100x80000000000000006954955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d5c6ee0100526f2022-01-05 10:01:15.213root 11241100x80000000000000006954956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03795ecb5cfbd2d62022-01-05 10:01:15.213root 11241100x80000000000000006954957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abff5f5b28035862022-01-05 10:01:15.213root 11241100x80000000000000006954958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4871b8bef5276c2022-01-05 10:01:15.214root 11241100x80000000000000006954959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba288afcc70c27d2022-01-05 10:01:15.214root 11241100x80000000000000006954960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597ddaed4ddce90d2022-01-05 10:01:15.214root 11241100x80000000000000006954961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a9b6d5da0218f62022-01-05 10:01:15.214root 11241100x80000000000000006954962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceec9cbb9989e3942022-01-05 10:01:15.709root 11241100x80000000000000006954963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0715f2db7f49e852022-01-05 10:01:15.709root 11241100x80000000000000006954964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc4a972c238d8db2022-01-05 10:01:15.710root 11241100x80000000000000006954965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5a2b9d65d01adc2022-01-05 10:01:15.710root 11241100x80000000000000006954966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4836a283c973a72022-01-05 10:01:15.710root 11241100x80000000000000006954967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd0c86e5f8a69282022-01-05 10:01:15.710root 11241100x80000000000000006954968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65df9060146eda252022-01-05 10:01:15.710root 11241100x80000000000000006954969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2cbe6e7476ba742022-01-05 10:01:15.710root 11241100x80000000000000006954970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b8308bc1bc5a322022-01-05 10:01:15.710root 11241100x80000000000000006954971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48faee7fdd6c1712022-01-05 10:01:15.710root 11241100x80000000000000006954972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71184379cf8d700d2022-01-05 10:01:15.711root 11241100x80000000000000006954973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f19cb34549d14eb2022-01-05 10:01:15.711root 11241100x80000000000000006954974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492b30438d6b2eca2022-01-05 10:01:15.711root 11241100x80000000000000006954975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4673d9789a877b252022-01-05 10:01:15.711root 11241100x80000000000000006954976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbaf7f3fcaa987f02022-01-05 10:01:15.711root 11241100x80000000000000006954977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591d36cefe93f5192022-01-05 10:01:15.711root 11241100x80000000000000006954978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970177ab961a7b942022-01-05 10:01:15.711root 11241100x80000000000000006954979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e974a177e4cbbe2022-01-05 10:01:15.712root 11241100x80000000000000006954980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df32cc88eddfdbb2022-01-05 10:01:15.712root 11241100x80000000000000006954981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a260f51c9216daf32022-01-05 10:01:15.712root 11241100x80000000000000006954982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafd0530281950d02022-01-05 10:01:15.712root 11241100x80000000000000006954983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9744e236f0686692022-01-05 10:01:15.712root 11241100x80000000000000006954984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce39b7a03893a652022-01-05 10:01:15.712root 11241100x80000000000000006954985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aea8208ecd2d96b2022-01-05 10:01:15.713root 11241100x80000000000000006954986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a607aa6539c6ef112022-01-05 10:01:15.713root 11241100x80000000000000006954987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f48415824476e732022-01-05 10:01:16.210root 11241100x80000000000000006954988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b8dc4f1c44de352022-01-05 10:01:16.210root 11241100x80000000000000006954989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96701280ba782b842022-01-05 10:01:16.210root 11241100x80000000000000006954990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe48da625e437af2022-01-05 10:01:16.210root 11241100x80000000000000006954991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fa463303d0771d2022-01-05 10:01:16.211root 11241100x80000000000000006954992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e60ac3e903c8e692022-01-05 10:01:16.211root 11241100x80000000000000006954993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd93921237e7df72022-01-05 10:01:16.211root 11241100x80000000000000006954994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b7f7674c1f56b52022-01-05 10:01:16.211root 11241100x80000000000000006954995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2abe91419794262022-01-05 10:01:16.211root 11241100x80000000000000006954996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ab6b03abbda95c2022-01-05 10:01:16.211root 11241100x80000000000000006954997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e685389e9056832022-01-05 10:01:16.211root 11241100x80000000000000006954998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5baa2af18c7008252022-01-05 10:01:16.211root 11241100x80000000000000006954999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7760c8561290423c2022-01-05 10:01:16.211root 11241100x80000000000000006955000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1469e8a3712f6e62022-01-05 10:01:16.211root 11241100x80000000000000006955001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb02c3d1d1432c242022-01-05 10:01:16.211root 11241100x80000000000000006955002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515e6faf30213d962022-01-05 10:01:16.211root 11241100x80000000000000006955003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1d1a9e27ffca622022-01-05 10:01:16.211root 11241100x80000000000000006955004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430db7294c2202ef2022-01-05 10:01:16.211root 11241100x80000000000000006955005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de973a29127582702022-01-05 10:01:16.211root 11241100x80000000000000006955006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1551b8ec4f35482022-01-05 10:01:16.211root 11241100x80000000000000006955007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249d54a6680c01862022-01-05 10:01:16.212root 11241100x80000000000000006955008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf066787267a45b2022-01-05 10:01:16.212root 11241100x80000000000000006955009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db538a88b5e4e1da2022-01-05 10:01:16.212root 11241100x80000000000000006955010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43a6556ce254de12022-01-05 10:01:16.212root 11241100x80000000000000006955011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6407c2017804862022-01-05 10:01:16.212root 11241100x80000000000000006955012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50692ffc9773056b2022-01-05 10:01:16.710root 11241100x80000000000000006955013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e83b10d817d386b2022-01-05 10:01:16.710root 11241100x80000000000000006955014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb0732eca315cb02022-01-05 10:01:16.710root 11241100x80000000000000006955015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfbdc92644e4c452022-01-05 10:01:16.710root 11241100x80000000000000006955016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a830e94fce6a37f2022-01-05 10:01:16.710root 11241100x80000000000000006955017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41853f9072a9f1da2022-01-05 10:01:16.711root 11241100x80000000000000006955018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc0d0dbd458516f2022-01-05 10:01:16.711root 11241100x80000000000000006955019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97173a966103e4132022-01-05 10:01:16.711root 11241100x80000000000000006955020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ece3e44b8dca342022-01-05 10:01:16.711root 11241100x80000000000000006955021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be04697dc41713192022-01-05 10:01:16.712root 11241100x80000000000000006955022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11838429ba8927e2022-01-05 10:01:16.712root 11241100x80000000000000006955023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c156db2d87e76e82022-01-05 10:01:16.712root 11241100x80000000000000006955024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac5a10bfa0c00342022-01-05 10:01:16.712root 11241100x80000000000000006955025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe318d8f5ae3f40c2022-01-05 10:01:16.712root 11241100x80000000000000006955026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065bd20aed32b26b2022-01-05 10:01:16.712root 11241100x80000000000000006955027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb72ed861c4fcd442022-01-05 10:01:16.713root 11241100x80000000000000006955028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802b732243d182692022-01-05 10:01:16.713root 11241100x80000000000000006955029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662ba74fc6eeb77f2022-01-05 10:01:16.713root 11241100x80000000000000006955030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6292cf581258f9c2022-01-05 10:01:16.713root 11241100x80000000000000006955031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2899ad023a1d25542022-01-05 10:01:16.713root 11241100x80000000000000006955032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10db57be8f2963692022-01-05 10:01:16.714root 11241100x80000000000000006955033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7e0b2617dc0b422022-01-05 10:01:16.714root 11241100x80000000000000006955034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c3a21b0d1425c82022-01-05 10:01:16.714root 11241100x80000000000000006955035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210e0d7ccd1551722022-01-05 10:01:16.714root 11241100x80000000000000006955036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e49c5f5ae89c5c2022-01-05 10:01:16.714root 354300x80000000000000006955037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.163{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41680-false10.0.1.12-8000- 11241100x80000000000000006955038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15d9542fc470ade2022-01-05 10:01:17.164root 11241100x80000000000000006955039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2338aad80d946072022-01-05 10:01:17.164root 11241100x80000000000000006955040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de38c19883a62cad2022-01-05 10:01:17.164root 11241100x80000000000000006955041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55b3a4f856229662022-01-05 10:01:17.165root 11241100x80000000000000006955042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f9f3bdf2b6d82a2022-01-05 10:01:17.165root 11241100x80000000000000006955043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c867078b7af3cc2022-01-05 10:01:17.165root 11241100x80000000000000006955044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe6e522ef9dad532022-01-05 10:01:17.165root 11241100x80000000000000006955045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85792a150d18ee22022-01-05 10:01:17.165root 11241100x80000000000000006955046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74032d5a95611ce42022-01-05 10:01:17.165root 11241100x80000000000000006955047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25938998a2a6b722022-01-05 10:01:17.165root 11241100x80000000000000006955048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f376ff6b77171c2022-01-05 10:01:17.166root 11241100x80000000000000006955049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c77c5042eceec812022-01-05 10:01:17.166root 11241100x80000000000000006955050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd27ac3b90a6bf092022-01-05 10:01:17.166root 11241100x80000000000000006955051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88704419b7d2359b2022-01-05 10:01:17.166root 11241100x80000000000000006955052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9649780de077cd2022-01-05 10:01:17.166root 11241100x80000000000000006955053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc6c68aa186b9252022-01-05 10:01:17.167root 11241100x80000000000000006955054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a181beb5ba1865692022-01-05 10:01:17.167root 11241100x80000000000000006955055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb63748171055012022-01-05 10:01:17.167root 11241100x80000000000000006955056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93d11cb065bf3a72022-01-05 10:01:17.167root 11241100x80000000000000006955057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec1a92abff17f2e2022-01-05 10:01:17.167root 11241100x80000000000000006955058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57493c0523f1f6b52022-01-05 10:01:17.167root 11241100x80000000000000006955059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.168{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c7d227f293863f2022-01-05 10:01:17.168root 11241100x80000000000000006955060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.168{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18ab43102aac6902022-01-05 10:01:17.168root 11241100x80000000000000006955061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abad98c2212437cd2022-01-05 10:01:17.169root 11241100x80000000000000006955062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97da213c69423862022-01-05 10:01:17.169root 11241100x80000000000000006955063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fc3e3db306752e2022-01-05 10:01:17.169root 11241100x80000000000000006955064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bc5adc76013bfd2022-01-05 10:01:17.169root 11241100x80000000000000006955065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9495eba0c365f37d2022-01-05 10:01:17.169root 11241100x80000000000000006955066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37fb5e74cfc452f2022-01-05 10:01:17.169root 11241100x80000000000000006955067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.170{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02025ca7df47f47c2022-01-05 10:01:17.170root 11241100x80000000000000006955068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.170{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e54bc62b0dcdb662022-01-05 10:01:17.170root 11241100x80000000000000006955069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.170{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bb26416a3614042022-01-05 10:01:17.170root 11241100x80000000000000006955070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f18156fc09374f22022-01-05 10:01:17.460root 11241100x80000000000000006955071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5be609173b55cd02022-01-05 10:01:17.460root 11241100x80000000000000006955072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a164d1a73745b4eb2022-01-05 10:01:17.460root 11241100x80000000000000006955073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a27ed280cf01962022-01-05 10:01:17.460root 11241100x80000000000000006955074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5334e5208bf7b4512022-01-05 10:01:17.460root 11241100x80000000000000006955075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1add929c6bc2062022-01-05 10:01:17.460root 11241100x80000000000000006955076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8415aee814e59d62022-01-05 10:01:17.460root 11241100x80000000000000006955077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f13fecad9d753c02022-01-05 10:01:17.460root 11241100x80000000000000006955078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceadb0aed49af4252022-01-05 10:01:17.460root 11241100x80000000000000006955079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9618fcc7b6a609a22022-01-05 10:01:17.460root 11241100x80000000000000006955080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254541f5206f529b2022-01-05 10:01:17.461root 11241100x80000000000000006955081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6e769f1e09fd972022-01-05 10:01:17.461root 11241100x80000000000000006955082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a82b22efd9c10d2022-01-05 10:01:17.461root 11241100x80000000000000006955083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204d0a0a2988b0682022-01-05 10:01:17.461root 11241100x80000000000000006955084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700e1cdd2169b7962022-01-05 10:01:17.461root 11241100x80000000000000006955085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d6b8853f08d4c02022-01-05 10:01:17.461root 11241100x80000000000000006955086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7992bbdfb8607822022-01-05 10:01:17.461root 11241100x80000000000000006955087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9371f39f51fe152022-01-05 10:01:17.461root 11241100x80000000000000006955088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052d81507c07a1452022-01-05 10:01:17.461root 11241100x80000000000000006955089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d49d116884d7a72022-01-05 10:01:17.461root 11241100x80000000000000006955090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1833a7b0092203b2022-01-05 10:01:17.461root 11241100x80000000000000006955091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9e33978a0669802022-01-05 10:01:17.461root 11241100x80000000000000006955092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9d96ef17604f5b2022-01-05 10:01:17.462root 11241100x80000000000000006955093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798d6adf8dc22b9d2022-01-05 10:01:17.462root 11241100x80000000000000006955094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e817a29af632782d2022-01-05 10:01:17.462root 11241100x80000000000000006955095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7114c84230cc302022-01-05 10:01:17.462root 11241100x80000000000000006955096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3813ff9ed1d306802022-01-05 10:01:17.959root 11241100x80000000000000006955097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55029b65e6e21822022-01-05 10:01:17.959root 11241100x80000000000000006955098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ec2f95b43b99dc2022-01-05 10:01:17.959root 11241100x80000000000000006955099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d864b45792e2e82022-01-05 10:01:17.960root 11241100x80000000000000006955100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919bc6d6ad30de8e2022-01-05 10:01:17.960root 11241100x80000000000000006955101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dc672f8606fe5a2022-01-05 10:01:17.960root 11241100x80000000000000006955102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e073a16c4fec3ef62022-01-05 10:01:17.960root 11241100x80000000000000006955103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01dc2e545ba03bb2022-01-05 10:01:17.961root 11241100x80000000000000006955104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21094f40c1e342932022-01-05 10:01:17.961root 11241100x80000000000000006955105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4381a7e484a85f022022-01-05 10:01:17.961root 11241100x80000000000000006955106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc869d1e352443e2022-01-05 10:01:17.961root 11241100x80000000000000006955107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809f40ac0a6087522022-01-05 10:01:17.961root 11241100x80000000000000006955108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d207f773f5df0bc42022-01-05 10:01:17.962root 11241100x80000000000000006955109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0756c887296b69082022-01-05 10:01:17.962root 11241100x80000000000000006955110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b68643d329255c2022-01-05 10:01:17.962root 11241100x80000000000000006955111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7f8886cfe269a32022-01-05 10:01:17.962root 11241100x80000000000000006955112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377e1338d74b8af92022-01-05 10:01:17.962root 11241100x80000000000000006955113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da942007a80947082022-01-05 10:01:17.962root 11241100x80000000000000006955114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca7c770fc6162242022-01-05 10:01:17.962root 11241100x80000000000000006955115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff67a76f3332f2042022-01-05 10:01:17.963root 11241100x80000000000000006955116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc25519d2adaf3ba2022-01-05 10:01:17.963root 11241100x80000000000000006955117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3ef4fc9c92b5ab2022-01-05 10:01:17.963root 11241100x80000000000000006955118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec5ab1b6e50dbac2022-01-05 10:01:17.963root 11241100x80000000000000006955119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f6a93a775307542022-01-05 10:01:17.963root 11241100x80000000000000006955120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bc822ba99bf7ec2022-01-05 10:01:17.964root 11241100x80000000000000006955121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91033d02a7f5a95c2022-01-05 10:01:17.964root 11241100x80000000000000006955122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87eed2ec70c88a42022-01-05 10:01:17.964root 11241100x80000000000000006955123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608ed575b5ebe9322022-01-05 10:01:17.964root 11241100x80000000000000006955124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c620a31a0b9e0b292022-01-05 10:01:17.965root 11241100x80000000000000006955125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2513a394b980dff2022-01-05 10:01:17.965root 11241100x80000000000000006955126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729f52a0d25502ac2022-01-05 10:01:17.967root 11241100x80000000000000006955127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a33519606a27792022-01-05 10:01:17.968root 11241100x80000000000000006955128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d972ba078d79522022-01-05 10:01:18.459root 11241100x80000000000000006955129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26c5006eab09db62022-01-05 10:01:18.459root 11241100x80000000000000006955130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aba6ed989fce312022-01-05 10:01:18.459root 11241100x80000000000000006955131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b14b68281fe2912022-01-05 10:01:18.459root 11241100x80000000000000006955132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4f04252bc02c202022-01-05 10:01:18.459root 11241100x80000000000000006955133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09187f0948ca53662022-01-05 10:01:18.459root 11241100x80000000000000006955134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300e20e9c1673ea92022-01-05 10:01:18.459root 11241100x80000000000000006955135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeba64dde66c2f202022-01-05 10:01:18.459root 11241100x80000000000000006955136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8bf2e76548a14d2022-01-05 10:01:18.459root 11241100x80000000000000006955137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecec8aadac4ff402022-01-05 10:01:18.460root 11241100x80000000000000006955138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296176dc8e8dc1f12022-01-05 10:01:18.460root 11241100x80000000000000006955139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46f801a602ab0fd2022-01-05 10:01:18.460root 11241100x80000000000000006955140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee49d6ad89b543472022-01-05 10:01:18.461root 11241100x80000000000000006955141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faf3bbb0471800a2022-01-05 10:01:18.461root 11241100x80000000000000006955142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6d4dbd0427c08f2022-01-05 10:01:18.461root 11241100x80000000000000006955143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b78e92bd8f8f03e2022-01-05 10:01:18.461root 11241100x80000000000000006955144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7896be309a27822022-01-05 10:01:18.461root 11241100x80000000000000006955145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b370798a4b9b1c032022-01-05 10:01:18.462root 11241100x80000000000000006955146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f51b6120cdd288c2022-01-05 10:01:18.462root 11241100x80000000000000006955147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0c61dcc1acd0932022-01-05 10:01:18.462root 11241100x80000000000000006955148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493fdf8af26e20582022-01-05 10:01:18.462root 11241100x80000000000000006955149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bd7ed06fea85212022-01-05 10:01:18.462root 11241100x80000000000000006955150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0454f278fbace7642022-01-05 10:01:18.462root 11241100x80000000000000006955151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6369ae71fff86e3f2022-01-05 10:01:18.462root 11241100x80000000000000006955152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c395602613952d2022-01-05 10:01:18.462root 11241100x80000000000000006955153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e933476fcfe940552022-01-05 10:01:18.462root 11241100x80000000000000006955154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672222199dde71922022-01-05 10:01:18.462root 11241100x80000000000000006955155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a2b169fe6444d72022-01-05 10:01:18.959root 11241100x80000000000000006955156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f238d0d64becc522022-01-05 10:01:18.959root 11241100x80000000000000006955157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066d0ec3d94392302022-01-05 10:01:18.959root 11241100x80000000000000006955158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2510f124f4fc33a2022-01-05 10:01:18.959root 11241100x80000000000000006955159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc20cd921f480b92022-01-05 10:01:18.959root 11241100x80000000000000006955160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc9e99b76d1fe3d2022-01-05 10:01:18.959root 11241100x80000000000000006955161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cc9ffd677d7cc62022-01-05 10:01:18.959root 11241100x80000000000000006955162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0a5ae94ba988a72022-01-05 10:01:18.959root 11241100x80000000000000006955163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6991248b5272622022-01-05 10:01:18.959root 11241100x80000000000000006955164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55f769ba5d27e422022-01-05 10:01:18.960root 11241100x80000000000000006955165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f298993b3c1cc532022-01-05 10:01:18.960root 11241100x80000000000000006955166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3480d9e5d186f6752022-01-05 10:01:18.960root 11241100x80000000000000006955167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a2898e477e04822022-01-05 10:01:18.960root 11241100x80000000000000006955168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8cf7b236c856ff2022-01-05 10:01:18.960root 11241100x80000000000000006955169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e1d84d970fa45b2022-01-05 10:01:18.960root 11241100x80000000000000006955170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf97c854f424e1b2022-01-05 10:01:18.960root 11241100x80000000000000006955171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941ad573aa5a8d5e2022-01-05 10:01:18.960root 11241100x80000000000000006955172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926e4a1d431fd3e22022-01-05 10:01:18.960root 11241100x80000000000000006955173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d85358d9614101c2022-01-05 10:01:18.961root 11241100x80000000000000006955174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11df8e5aa3d502352022-01-05 10:01:18.961root 11241100x80000000000000006955175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8727caf6470f5ac2022-01-05 10:01:18.961root 11241100x80000000000000006955176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c16748023984752022-01-05 10:01:18.961root 11241100x80000000000000006955177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09a980a56ce68ae2022-01-05 10:01:18.961root 11241100x80000000000000006955178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5f828aa98eef3e2022-01-05 10:01:18.961root 11241100x80000000000000006955179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3db2fdb330840d62022-01-05 10:01:18.961root 11241100x80000000000000006955180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489f118e46b1f7792022-01-05 10:01:18.961root 11241100x80000000000000006955181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8979929852675d6e2022-01-05 10:01:18.961root 11241100x80000000000000006955182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89205075ac978e612022-01-05 10:01:18.961root 11241100x80000000000000006955183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceb6f011178aee72022-01-05 10:01:18.961root 11241100x80000000000000006955184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4af9b170c9af8c22022-01-05 10:01:18.961root 11241100x80000000000000006955185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01129f37dac7b942022-01-05 10:01:18.961root 11241100x80000000000000006955186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b8c135bfed776f2022-01-05 10:01:18.962root 11241100x80000000000000006955187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d47cc4bbfbd0c3a2022-01-05 10:01:18.962root 11241100x80000000000000006955188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ccce3ce6c3ccb72022-01-05 10:01:18.962root 11241100x80000000000000006955189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c7d94e200868432022-01-05 10:01:18.962root 11241100x80000000000000006955190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21d1ec0dd59f0202022-01-05 10:01:18.962root 11241100x80000000000000006955191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3bcd3552f8c7902022-01-05 10:01:18.962root 11241100x80000000000000006955192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78643ac5e425641b2022-01-05 10:01:18.962root 11241100x80000000000000006955193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78481f2d60cd8df52022-01-05 10:01:18.962root 11241100x80000000000000006955194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a47044e731ccd382022-01-05 10:01:18.962root 11241100x80000000000000006955195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206aa8ad7ee543852022-01-05 10:01:18.962root 11241100x80000000000000006955196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2681afdad6de37912022-01-05 10:01:18.962root 11241100x80000000000000006955197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428a8deaf375270d2022-01-05 10:01:18.962root 11241100x80000000000000006955198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325d3740453e5b2c2022-01-05 10:01:18.962root 11241100x80000000000000006955199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eee5c58af76a442022-01-05 10:01:18.963root 11241100x80000000000000006955200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143a9bfcece38aa92022-01-05 10:01:18.963root 11241100x80000000000000006955201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3fa40e6d219cb92022-01-05 10:01:18.963root 11241100x80000000000000006955202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5939df9720dac9d2022-01-05 10:01:18.963root 11241100x80000000000000006955203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9057c817ba72102022-01-05 10:01:18.963root 11241100x80000000000000006955204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59914d86ddb29d0b2022-01-05 10:01:18.963root 11241100x80000000000000006955205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b159a99b735fe5242022-01-05 10:01:18.963root 11241100x80000000000000006955206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a73e5c5bf6c448a2022-01-05 10:01:18.963root 11241100x80000000000000006955207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e769bab4dad31c2022-01-05 10:01:18.963root 11241100x80000000000000006955208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83347f720dd55f532022-01-05 10:01:18.964root 11241100x80000000000000006955209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988ff610fcaf8db72022-01-05 10:01:18.964root 11241100x80000000000000006955210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1410b07b0343ea2022-01-05 10:01:18.964root 11241100x80000000000000006955211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191b2570d0c0b1242022-01-05 10:01:18.964root 11241100x80000000000000006955212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109fd7f4b94d5a322022-01-05 10:01:18.964root 11241100x80000000000000006955213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b95672eca98ed1a2022-01-05 10:01:18.964root 11241100x80000000000000006955214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54b0043d7fcef502022-01-05 10:01:18.964root 11241100x80000000000000006955215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23846e3dfe8b69712022-01-05 10:01:18.964root 11241100x80000000000000006955216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78abbc6a5f0cd68b2022-01-05 10:01:18.964root 11241100x80000000000000006955217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d16c5ebdbf60942022-01-05 10:01:18.964root 11241100x80000000000000006955218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f7f345d74aef792022-01-05 10:01:18.964root 11241100x80000000000000006955219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840ab2afc6512eb22022-01-05 10:01:18.964root 11241100x80000000000000006955220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77256714b44c823e2022-01-05 10:01:18.964root 11241100x80000000000000006955221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ab2759b4a7d4c92022-01-05 10:01:18.965root 11241100x80000000000000006955222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9162f8302992c32022-01-05 10:01:18.965root 11241100x80000000000000006955223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98776380d92490012022-01-05 10:01:18.965root 11241100x80000000000000006955224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d348e081cb774dcd2022-01-05 10:01:18.965root 11241100x80000000000000006955225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02269ca1b32086f72022-01-05 10:01:18.965root 11241100x80000000000000006955226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd953594326222662022-01-05 10:01:18.965root 11241100x80000000000000006955227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fd6249f5050b902022-01-05 10:01:18.965root 11241100x80000000000000006955228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c534566aff29d82022-01-05 10:01:18.965root 11241100x80000000000000006955229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe46456637d873152022-01-05 10:01:18.965root 11241100x80000000000000006955230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5aa36077d7cfa22022-01-05 10:01:18.965root 11241100x80000000000000006955231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e1a96d6787c4f92022-01-05 10:01:18.966root 11241100x80000000000000006955232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8716635547cde5172022-01-05 10:01:18.966root 11241100x80000000000000006955233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3256e8b688fd9acf2022-01-05 10:01:18.966root 11241100x80000000000000006955234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1827435ea2ac288f2022-01-05 10:01:18.966root 11241100x80000000000000006955235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa6825f72e5ff892022-01-05 10:01:18.966root 11241100x80000000000000006955236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ceef9ccf7ee9b62022-01-05 10:01:18.966root 11241100x80000000000000006955237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8617207fc5adfc992022-01-05 10:01:18.966root 11241100x80000000000000006955238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6589ba960b6eefb52022-01-05 10:01:18.966root 11241100x80000000000000006955239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec47801ea68ac8d2022-01-05 10:01:18.967root 11241100x80000000000000006955240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1b244f126e0d592022-01-05 10:01:18.967root 11241100x80000000000000006955241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387a078122c105ad2022-01-05 10:01:18.967root 11241100x80000000000000006955242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cc3abb110a7b0b2022-01-05 10:01:18.967root 11241100x80000000000000006955243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa71891567b7b4b2022-01-05 10:01:18.968root 11241100x80000000000000006955244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea86ce3c2b7d54a2022-01-05 10:01:18.968root 11241100x80000000000000006955245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbaca075e2cc09b62022-01-05 10:01:18.968root 11241100x80000000000000006955246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faef4b494901e63d2022-01-05 10:01:19.459root 11241100x80000000000000006955247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdaace48499bb12c2022-01-05 10:01:19.459root 11241100x80000000000000006955248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdc3ac11acb190e2022-01-05 10:01:19.459root 11241100x80000000000000006955249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d5c3517e8944992022-01-05 10:01:19.459root 11241100x80000000000000006955250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63bc4bd83a57efe2022-01-05 10:01:19.460root 11241100x80000000000000006955251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841a6f825a6b8f8f2022-01-05 10:01:19.460root 11241100x80000000000000006955252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd11759aaf4f0612022-01-05 10:01:19.460root 11241100x80000000000000006955253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4084f63a512416802022-01-05 10:01:19.460root 11241100x80000000000000006955254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea983f654dad78e2022-01-05 10:01:19.460root 11241100x80000000000000006955255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff85f27bd072b0ef2022-01-05 10:01:19.460root 11241100x80000000000000006955256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701d13f9ae0408672022-01-05 10:01:19.460root 11241100x80000000000000006955257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90a5abdf2c2c0ca2022-01-05 10:01:19.460root 11241100x80000000000000006955258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc275c6e95bcd05d2022-01-05 10:01:19.460root 11241100x80000000000000006955259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ac774655c182262022-01-05 10:01:19.460root 11241100x80000000000000006955260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d377f848b9111592022-01-05 10:01:19.461root 11241100x80000000000000006955261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07203c6daa36f5d62022-01-05 10:01:19.461root 11241100x80000000000000006955262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf26c2446560e4a2022-01-05 10:01:19.461root 11241100x80000000000000006955263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9d0114ef5fc7342022-01-05 10:01:19.461root 11241100x80000000000000006955264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71cb5735f8b77aa2022-01-05 10:01:19.461root 11241100x80000000000000006955265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c2b07bd73265f22022-01-05 10:01:19.461root 11241100x80000000000000006955266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389ea2cde2e711e52022-01-05 10:01:19.461root 11241100x80000000000000006955267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c1a089b8bd50d52022-01-05 10:01:19.461root 11241100x80000000000000006955268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89adb32902e5bef92022-01-05 10:01:19.461root 11241100x80000000000000006955269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904537d84a47b7e52022-01-05 10:01:19.461root 11241100x80000000000000006955270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560652fda6f8b0f22022-01-05 10:01:19.461root 11241100x80000000000000006955271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9788ac167dca51882022-01-05 10:01:19.461root 11241100x80000000000000006955272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dda37a6a6982232022-01-05 10:01:19.461root 11241100x80000000000000006955273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb0990bfe4cafb82022-01-05 10:01:19.461root 11241100x80000000000000006955274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d73aff6caac34e62022-01-05 10:01:19.461root 11241100x80000000000000006955275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7a83e62c32df022022-01-05 10:01:19.462root 11241100x80000000000000006955276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e34bd2327b54c92022-01-05 10:01:19.959root 11241100x80000000000000006955277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d576ff8a9446942022-01-05 10:01:19.959root 11241100x80000000000000006955278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6617b3b5b037fa3a2022-01-05 10:01:19.960root 11241100x80000000000000006955279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd390b74bbcebeca2022-01-05 10:01:19.960root 11241100x80000000000000006955280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098a306e7469fd2c2022-01-05 10:01:19.960root 11241100x80000000000000006955281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0750f52d40353cc02022-01-05 10:01:19.960root 11241100x80000000000000006955282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599c205ffcc0596d2022-01-05 10:01:19.960root 11241100x80000000000000006955283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9575c667473fdb5c2022-01-05 10:01:19.961root 11241100x80000000000000006955284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f927ed571038306f2022-01-05 10:01:19.961root 11241100x80000000000000006955285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a247562fea7eb0a2022-01-05 10:01:19.961root 11241100x80000000000000006955286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce92b3390b93543f2022-01-05 10:01:19.961root 11241100x80000000000000006955287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2a741bcc9602c32022-01-05 10:01:19.961root 11241100x80000000000000006955288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec36162b864cd9982022-01-05 10:01:19.961root 11241100x80000000000000006955289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eb000b16cf900d2022-01-05 10:01:19.961root 11241100x80000000000000006955290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a724e6f50efb89692022-01-05 10:01:19.961root 11241100x80000000000000006955291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6ca0787266d8302022-01-05 10:01:19.961root 11241100x80000000000000006955292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457ca9056d1c27da2022-01-05 10:01:19.961root 11241100x80000000000000006955293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1cb267ebd0ae722022-01-05 10:01:19.961root 11241100x80000000000000006955294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e75cd5149a01af2022-01-05 10:01:19.961root 11241100x80000000000000006955295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6929686fb827e132022-01-05 10:01:19.961root 11241100x80000000000000006955296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1125cd48e9201c522022-01-05 10:01:19.961root 11241100x80000000000000006955297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d53067f254edde2022-01-05 10:01:19.962root 11241100x80000000000000006955298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb534525d7cfcb9d2022-01-05 10:01:19.962root 11241100x80000000000000006955299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b0bae5a87b9b542022-01-05 10:01:19.962root 11241100x80000000000000006955300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa7d75c20e8bf292022-01-05 10:01:19.962root 11241100x80000000000000006955301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eb4add91d8b5c32022-01-05 10:01:19.962root 11241100x80000000000000006955302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127dcc6aee7f803b2022-01-05 10:01:19.962root 11241100x80000000000000006955303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de17597271d136332022-01-05 10:01:20.459root 11241100x80000000000000006955304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b66d5a775aeacf2022-01-05 10:01:20.459root 11241100x80000000000000006955305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35994abdfeb05b7c2022-01-05 10:01:20.459root 11241100x80000000000000006955306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d83a28fee7d74ec2022-01-05 10:01:20.459root 11241100x80000000000000006955307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19493e7d34876f7c2022-01-05 10:01:20.459root 11241100x80000000000000006955308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cefd487a2ef2b4f2022-01-05 10:01:20.460root 11241100x80000000000000006955309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5076a6ed8c82dcda2022-01-05 10:01:20.460root 11241100x80000000000000006955310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df75502833f98e4b2022-01-05 10:01:20.460root 11241100x80000000000000006955311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d8a74a622e967a2022-01-05 10:01:20.460root 11241100x80000000000000006955312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30adaf3859bc9ec2022-01-05 10:01:20.460root 11241100x80000000000000006955313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae709b7c0b5d47b12022-01-05 10:01:20.460root 11241100x80000000000000006955314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82eb8194afd414a2022-01-05 10:01:20.460root 11241100x80000000000000006955315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19e8adc132bed852022-01-05 10:01:20.460root 11241100x80000000000000006955316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a676cf95ea1d872022-01-05 10:01:20.460root 11241100x80000000000000006955317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3914c89d2ba809f02022-01-05 10:01:20.460root 11241100x80000000000000006955318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7cef9ceabad86d2022-01-05 10:01:20.460root 11241100x80000000000000006955319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd528005526e7512022-01-05 10:01:20.460root 11241100x80000000000000006955320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858fe64bd2b519182022-01-05 10:01:20.460root 11241100x80000000000000006955321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dc317d1a91e7ed2022-01-05 10:01:20.461root 11241100x80000000000000006955322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0a64ba688da11e2022-01-05 10:01:20.461root 11241100x80000000000000006955323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4333efbf7e383b552022-01-05 10:01:20.461root 11241100x80000000000000006955324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb879811a71517d2022-01-05 10:01:20.461root 11241100x80000000000000006955325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a695d41f6928ca8d2022-01-05 10:01:20.461root 11241100x80000000000000006955326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c1fda89aedb1232022-01-05 10:01:20.461root 11241100x80000000000000006955327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ebb51fbc4a17d42022-01-05 10:01:20.461root 11241100x80000000000000006955328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58464164afc8bf342022-01-05 10:01:20.461root 11241100x80000000000000006955329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68b65ce196a6abd2022-01-05 10:01:20.461root 11241100x80000000000000006955330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e8ff5434bd48ab2022-01-05 10:01:20.461root 11241100x80000000000000006955331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c55966c715bd332022-01-05 10:01:20.461root 11241100x80000000000000006955332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330f54c468ce278c2022-01-05 10:01:20.959root 11241100x80000000000000006955333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792db8ad0f3328e72022-01-05 10:01:20.959root 11241100x80000000000000006955334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7d3e8c224363d72022-01-05 10:01:20.960root 11241100x80000000000000006955335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170929ae6cc2b9962022-01-05 10:01:20.960root 11241100x80000000000000006955336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5967a997ce039c2022-01-05 10:01:20.960root 11241100x80000000000000006955337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449d0ad63f2236922022-01-05 10:01:20.960root 11241100x80000000000000006955338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779823e116da4d0a2022-01-05 10:01:20.960root 11241100x80000000000000006955339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e818bbecc03afd6d2022-01-05 10:01:20.960root 11241100x80000000000000006955340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a86b7e514396bc52022-01-05 10:01:20.960root 11241100x80000000000000006955341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f95e27f06d469f2022-01-05 10:01:20.960root 11241100x80000000000000006955342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e9e32fd63a92512022-01-05 10:01:20.960root 11241100x80000000000000006955343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbab3ef36bd450d2022-01-05 10:01:20.960root 11241100x80000000000000006955344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be53e8ad2386b4e72022-01-05 10:01:20.960root 11241100x80000000000000006955345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e6043d01dbc5932022-01-05 10:01:20.960root 11241100x80000000000000006955346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1228a19ce82d24782022-01-05 10:01:20.960root 11241100x80000000000000006955347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a0d555724c50f62022-01-05 10:01:20.961root 11241100x80000000000000006955348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862b33867cc1fb4a2022-01-05 10:01:20.961root 11241100x80000000000000006955349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734999d1ea51734c2022-01-05 10:01:20.961root 11241100x80000000000000006955350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b50ba1aca173092022-01-05 10:01:20.961root 11241100x80000000000000006955351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448d5113e7ef245a2022-01-05 10:01:20.961root 11241100x80000000000000006955352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906b9015e7f745062022-01-05 10:01:20.961root 11241100x80000000000000006955353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e24945f25662b42022-01-05 10:01:20.961root 11241100x80000000000000006955354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9028e5b93b809c9f2022-01-05 10:01:20.961root 11241100x80000000000000006955355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603bde1c54311cf22022-01-05 10:01:20.961root 11241100x80000000000000006955356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6d5cffea9769422022-01-05 10:01:20.961root 11241100x80000000000000006955357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee9436f57afd7892022-01-05 10:01:20.961root 11241100x80000000000000006955358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcf0d2f80ab1f442022-01-05 10:01:20.961root 11241100x80000000000000006955359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139bad3c86d978a92022-01-05 10:01:21.459root 11241100x80000000000000006955360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b01e59f5f706ed32022-01-05 10:01:21.460root 11241100x80000000000000006955361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6ed0de626324ee2022-01-05 10:01:21.460root 11241100x80000000000000006955362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de320ed6d98b44962022-01-05 10:01:21.460root 11241100x80000000000000006955363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd376f8ae9cd86792022-01-05 10:01:21.460root 11241100x80000000000000006955364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a108b4749d568fe2022-01-05 10:01:21.460root 11241100x80000000000000006955365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdd5ecf05f5f6732022-01-05 10:01:21.460root 11241100x80000000000000006955366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f346dffebafc6b2022-01-05 10:01:21.460root 11241100x80000000000000006955367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9116cdac050c29722022-01-05 10:01:21.460root 11241100x80000000000000006955368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233a6cc2b0d51b582022-01-05 10:01:21.460root 11241100x80000000000000006955369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d210b74155613ad2022-01-05 10:01:21.460root 11241100x80000000000000006955370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e00c4b591e45e12022-01-05 10:01:21.460root 11241100x80000000000000006955371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82bc75eee1f28452022-01-05 10:01:21.460root 11241100x80000000000000006955372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5643c83fda4b35be2022-01-05 10:01:21.461root 11241100x80000000000000006955373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ff36474a8a99e42022-01-05 10:01:21.461root 11241100x80000000000000006955374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad8de03a2de8eb42022-01-05 10:01:21.461root 11241100x80000000000000006955375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c5c8ef4abb117c2022-01-05 10:01:21.461root 11241100x80000000000000006955376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0616138e6d31e4002022-01-05 10:01:21.461root 11241100x80000000000000006955377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866f23f90ceefbc92022-01-05 10:01:21.461root 11241100x80000000000000006955378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7df506590fe71e2022-01-05 10:01:21.461root 11241100x80000000000000006955379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cc324a406237b42022-01-05 10:01:21.461root 11241100x80000000000000006955380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caef379535833bdb2022-01-05 10:01:21.461root 11241100x80000000000000006955381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dede96069f142e42022-01-05 10:01:21.461root 11241100x80000000000000006955382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bff733163c35e172022-01-05 10:01:21.461root 11241100x80000000000000006955383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe568bb228ad31b2022-01-05 10:01:21.461root 11241100x80000000000000006955384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa2e38f13aa67a42022-01-05 10:01:21.461root 11241100x80000000000000006955385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3976bc155b59dd92022-01-05 10:01:21.960root 11241100x80000000000000006955386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e085f46d4adb37b2022-01-05 10:01:21.960root 11241100x80000000000000006955387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a7bf87a13433cf2022-01-05 10:01:21.960root 11241100x80000000000000006955388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deabf88afdd9f0522022-01-05 10:01:21.960root 11241100x80000000000000006955389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44439f704d6c22102022-01-05 10:01:21.960root 11241100x80000000000000006955390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2d88d4ace0831b2022-01-05 10:01:21.960root 11241100x80000000000000006955391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332755b0b61d98712022-01-05 10:01:21.960root 11241100x80000000000000006955392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf2b80c7982beb02022-01-05 10:01:21.960root 11241100x80000000000000006955393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af892baf3cdf23682022-01-05 10:01:21.960root 11241100x80000000000000006955394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee371b2e675a288c2022-01-05 10:01:21.960root 11241100x80000000000000006955395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5feceaa0a1a6448a2022-01-05 10:01:21.960root 11241100x80000000000000006955396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee7959dc4efcea22022-01-05 10:01:21.961root 11241100x80000000000000006955397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0fb7bd4a318de52022-01-05 10:01:21.961root 11241100x80000000000000006955398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40eec547c8ba2cbc2022-01-05 10:01:21.961root 11241100x80000000000000006955399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3af9e3d84595602022-01-05 10:01:21.961root 11241100x80000000000000006955400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a190a5fa132ab6812022-01-05 10:01:21.961root 11241100x80000000000000006955401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314d0423f5a0fc692022-01-05 10:01:21.961root 11241100x80000000000000006955402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc7f4648f81935a2022-01-05 10:01:21.961root 11241100x80000000000000006955403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c933834eb564f792022-01-05 10:01:21.961root 11241100x80000000000000006955404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4b7126d8e977bc2022-01-05 10:01:21.961root 11241100x80000000000000006955405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c496dabe50863ed72022-01-05 10:01:21.961root 11241100x80000000000000006955406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5bf13abcd2d7a42022-01-05 10:01:21.961root 11241100x80000000000000006955407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f87bc7f405bf1442022-01-05 10:01:21.961root 11241100x80000000000000006955408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30930a9cacce3f52022-01-05 10:01:21.961root 11241100x80000000000000006955409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15e636027992d4b2022-01-05 10:01:21.962root 11241100x80000000000000006955410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3450267f46e75652022-01-05 10:01:21.962root 354300x80000000000000006955411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.211{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41682-false10.0.1.12-8000- 11241100x80000000000000006955412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0760d58d2ac645302022-01-05 10:01:22.213root 11241100x80000000000000006955413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6836264e73e080ff2022-01-05 10:01:22.213root 11241100x80000000000000006955414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffda10ea25ae4a12022-01-05 10:01:22.213root 11241100x80000000000000006955415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d712707f935b172022-01-05 10:01:22.214root 11241100x80000000000000006955416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a5648e9d9b9cd62022-01-05 10:01:22.214root 11241100x80000000000000006955417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ebc34c1b0c6fa12022-01-05 10:01:22.214root 11241100x80000000000000006955418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e06e52b8e307df2022-01-05 10:01:22.215root 11241100x80000000000000006955419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cfa76b9507b89a2022-01-05 10:01:22.215root 11241100x80000000000000006955420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1e5d2331423ab02022-01-05 10:01:22.215root 11241100x80000000000000006955421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6bef31015969802022-01-05 10:01:22.215root 11241100x80000000000000006955422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cc1bfad38aa41c2022-01-05 10:01:22.215root 11241100x80000000000000006955423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c595a673ac8ed7582022-01-05 10:01:22.215root 11241100x80000000000000006955424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555d69723bc646d92022-01-05 10:01:22.216root 11241100x80000000000000006955425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5361f310c81edfa2022-01-05 10:01:22.216root 11241100x80000000000000006955426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20f2a6e6515e3c32022-01-05 10:01:22.216root 11241100x80000000000000006955427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6ce67c7b7eb8b62022-01-05 10:01:22.216root 11241100x80000000000000006955428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a75edeeb4f8cfe2022-01-05 10:01:22.217root 11241100x80000000000000006955429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ab66b7ee3921462022-01-05 10:01:22.217root 11241100x80000000000000006955430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46a5e15b0274d402022-01-05 10:01:22.217root 11241100x80000000000000006955431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d09b9fdda35c202022-01-05 10:01:22.217root 11241100x80000000000000006955432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fd1982e4d9bfe62022-01-05 10:01:22.217root 11241100x80000000000000006955433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86a152bb99baa472022-01-05 10:01:22.217root 11241100x80000000000000006955434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b95769af8ea13b82022-01-05 10:01:22.217root 11241100x80000000000000006955435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12eb2f6ca6a9bfbd2022-01-05 10:01:22.217root 11241100x80000000000000006955436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba523b32ce61319c2022-01-05 10:01:22.217root 11241100x80000000000000006955437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1703c99324646c2022-01-05 10:01:22.217root 11241100x80000000000000006955438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db4315aeee68b0e2022-01-05 10:01:22.217root 11241100x80000000000000006955439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad36d2b62a39f8672022-01-05 10:01:22.710root 11241100x80000000000000006955440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2feaa00deb5788872022-01-05 10:01:22.710root 11241100x80000000000000006955441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b180119fdffd032022-01-05 10:01:22.710root 11241100x80000000000000006955442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba844d661dc5361b2022-01-05 10:01:22.710root 11241100x80000000000000006955443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024af52547b1c88e2022-01-05 10:01:22.710root 11241100x80000000000000006955444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db94aa681824fd6a2022-01-05 10:01:22.710root 11241100x80000000000000006955445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d295e0d218be7fd2022-01-05 10:01:22.710root 11241100x80000000000000006955446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b66aac562aee842022-01-05 10:01:22.711root 11241100x80000000000000006955447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826ec58192e553212022-01-05 10:01:22.711root 11241100x80000000000000006955448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9881ce15fbbd48df2022-01-05 10:01:22.711root 11241100x80000000000000006955449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d76778f09a30a752022-01-05 10:01:22.711root 11241100x80000000000000006955450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de558c16fe6abce32022-01-05 10:01:22.711root 11241100x80000000000000006955451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f297b2dfa8269f12022-01-05 10:01:22.711root 11241100x80000000000000006955452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff92c690179c7172022-01-05 10:01:22.711root 11241100x80000000000000006955453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5645351a7206f12022-01-05 10:01:22.711root 11241100x80000000000000006955454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a341c03daaba89b2022-01-05 10:01:22.712root 11241100x80000000000000006955455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a484f6ed4edf3db02022-01-05 10:01:22.712root 11241100x80000000000000006955456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c174127f2356a22022-01-05 10:01:22.712root 11241100x80000000000000006955457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b643e0c3f4ba6b2022-01-05 10:01:22.712root 11241100x80000000000000006955458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab35c2169d9cb922022-01-05 10:01:22.712root 11241100x80000000000000006955459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495ee1c1522589ba2022-01-05 10:01:22.712root 11241100x80000000000000006955460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b9805e3a0d10462022-01-05 10:01:22.712root 11241100x80000000000000006955461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720b50b8048ad1f72022-01-05 10:01:22.712root 11241100x80000000000000006955462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f02534aeb735aa02022-01-05 10:01:22.713root 11241100x80000000000000006955463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b8f1d2b968ac022022-01-05 10:01:22.713root 11241100x80000000000000006955464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc05595367112092022-01-05 10:01:22.713root 11241100x80000000000000006955465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a31ff0c8e19cdc2022-01-05 10:01:22.713root 11241100x80000000000000006955466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014faac78bc605602022-01-05 10:01:23.210root 11241100x80000000000000006955467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca4a8c7f6cee9c22022-01-05 10:01:23.210root 11241100x80000000000000006955468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ae4ff68c5c5e222022-01-05 10:01:23.210root 11241100x80000000000000006955469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5976fc5754fcb2f62022-01-05 10:01:23.210root 11241100x80000000000000006955470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8fea4660b01b122022-01-05 10:01:23.210root 11241100x80000000000000006955471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4e2a5fbbd5227a2022-01-05 10:01:23.210root 11241100x80000000000000006955472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c7b955ba0cc0102022-01-05 10:01:23.210root 11241100x80000000000000006955473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db221be0062a16ea2022-01-05 10:01:23.210root 11241100x80000000000000006955474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dc7f5f8062defd2022-01-05 10:01:23.211root 11241100x80000000000000006955475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70594448a8c50002022-01-05 10:01:23.211root 11241100x80000000000000006955476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540992301c2399152022-01-05 10:01:23.211root 11241100x80000000000000006955477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859e0919cdd969842022-01-05 10:01:23.211root 11241100x80000000000000006955478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7986c0ac1c0751b92022-01-05 10:01:23.211root 11241100x80000000000000006955479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f2a948749b12b32022-01-05 10:01:23.211root 11241100x80000000000000006955480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31081b07c288f8362022-01-05 10:01:23.211root 11241100x80000000000000006955481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bb6bde0b69a6b12022-01-05 10:01:23.211root 11241100x80000000000000006955482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74de3ae336a3a902022-01-05 10:01:23.211root 11241100x80000000000000006955483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bfc4fa12652d102022-01-05 10:01:23.211root 11241100x80000000000000006955484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e60c89bc93805aa2022-01-05 10:01:23.211root 11241100x80000000000000006955485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8ab51c6f92f8a72022-01-05 10:01:23.211root 11241100x80000000000000006955486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb9fc5dccb6cb872022-01-05 10:01:23.211root 11241100x80000000000000006955487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe28d0db8cc02f5d2022-01-05 10:01:23.211root 11241100x80000000000000006955488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7643de7eb860cd8a2022-01-05 10:01:23.212root 11241100x80000000000000006955489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff5d054d275f7c72022-01-05 10:01:23.212root 11241100x80000000000000006955490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61057f7bf4ff16742022-01-05 10:01:23.212root 11241100x80000000000000006955491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f1497046686fef2022-01-05 10:01:23.212root 11241100x80000000000000006955492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845dc2ea2c0078b32022-01-05 10:01:23.212root 11241100x80000000000000006955493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773035fa6bb810e52022-01-05 10:01:23.710root 11241100x80000000000000006955494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15d92d2edfb86902022-01-05 10:01:23.710root 11241100x80000000000000006955495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798f129339b3a10d2022-01-05 10:01:23.710root 11241100x80000000000000006955496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2e0824f32d12152022-01-05 10:01:23.710root 11241100x80000000000000006955497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f128f32db58985c62022-01-05 10:01:23.710root 11241100x80000000000000006955498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fb5034114c4fe12022-01-05 10:01:23.710root 11241100x80000000000000006955499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee028ffca8e64042022-01-05 10:01:23.710root 11241100x80000000000000006955500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b316b0d5e42d432022-01-05 10:01:23.710root 11241100x80000000000000006955501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dca2d098d70dab2022-01-05 10:01:23.711root 11241100x80000000000000006955502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a389a8e46d323e2022-01-05 10:01:23.711root 11241100x80000000000000006955503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a150e97634cde42022-01-05 10:01:23.711root 11241100x80000000000000006955504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df94b6b64b1ecbc2022-01-05 10:01:23.711root 11241100x80000000000000006955505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217a972aa1a269dc2022-01-05 10:01:23.711root 11241100x80000000000000006955506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712ed70e517e303e2022-01-05 10:01:23.711root 11241100x80000000000000006955507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c643d50a052372ce2022-01-05 10:01:23.711root 11241100x80000000000000006955508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283523b93fefc91d2022-01-05 10:01:23.711root 11241100x80000000000000006955509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf87fb8c43defafc2022-01-05 10:01:23.711root 11241100x80000000000000006955510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad778e1e155308e2022-01-05 10:01:23.711root 11241100x80000000000000006955511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d635d85fd7170c2022-01-05 10:01:23.711root 11241100x80000000000000006955512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79338db92e422ef2022-01-05 10:01:23.711root 11241100x80000000000000006955513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e955d0ac690c97902022-01-05 10:01:23.711root 11241100x80000000000000006955514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc895fe1080f73c2022-01-05 10:01:23.711root 11241100x80000000000000006955515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8716dda7b2ff362022-01-05 10:01:23.712root 11241100x80000000000000006955516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13315b4cf76249f72022-01-05 10:01:23.712root 11241100x80000000000000006955517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed84132af08c84772022-01-05 10:01:23.712root 11241100x80000000000000006955518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2c81ab787f092e2022-01-05 10:01:23.712root 11241100x80000000000000006955519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33df41ba65a4d532022-01-05 10:01:23.712root 11241100x80000000000000006955520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a706c611caf5192d2022-01-05 10:01:24.210root 11241100x80000000000000006955521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0291e199ba9f4d12022-01-05 10:01:24.210root 11241100x80000000000000006955522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9640bf8657434e662022-01-05 10:01:24.210root 11241100x80000000000000006955523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029f9e336340c5782022-01-05 10:01:24.210root 11241100x80000000000000006955524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3d6ab39fe07f772022-01-05 10:01:24.210root 11241100x80000000000000006955525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd171f69139423302022-01-05 10:01:24.210root 11241100x80000000000000006955526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f872b0c14ddd82062022-01-05 10:01:24.210root 11241100x80000000000000006955527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856e162d7246d9452022-01-05 10:01:24.211root 11241100x80000000000000006955528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6920a343408f482022-01-05 10:01:24.211root 11241100x80000000000000006955529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcf4168f27437d52022-01-05 10:01:24.211root 11241100x80000000000000006955530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4d07542a44885f2022-01-05 10:01:24.211root 11241100x80000000000000006955531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c651637a5f9fff2022-01-05 10:01:24.211root 11241100x80000000000000006955532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607b3e2fa305d6d92022-01-05 10:01:24.211root 11241100x80000000000000006955533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4969c6b84ef0fc2022-01-05 10:01:24.211root 11241100x80000000000000006955534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57991223f69989f32022-01-05 10:01:24.211root 11241100x80000000000000006955535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2feb34ab567ce12022-01-05 10:01:24.211root 11241100x80000000000000006955536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d77be46e2c5af1e2022-01-05 10:01:24.211root 11241100x80000000000000006955537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1582d592346772082022-01-05 10:01:24.211root 11241100x80000000000000006955538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8fc1f8f570fbc82022-01-05 10:01:24.211root 11241100x80000000000000006955539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819a84397dccd8072022-01-05 10:01:24.211root 11241100x80000000000000006955540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f42cd4d256fdd332022-01-05 10:01:24.212root 11241100x80000000000000006955541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9a5fe715e495812022-01-05 10:01:24.212root 11241100x80000000000000006955542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33ac182b2b4b7f62022-01-05 10:01:24.212root 11241100x80000000000000006955543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6024a78884554b2022-01-05 10:01:24.212root 11241100x80000000000000006955544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88c46436119bd582022-01-05 10:01:24.212root 11241100x80000000000000006955545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68273d5999b67de12022-01-05 10:01:24.212root 11241100x80000000000000006955546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f3619fc80557422022-01-05 10:01:24.212root 11241100x80000000000000006955547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef1b590d146d7c42022-01-05 10:01:24.710root 11241100x80000000000000006955548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e9d609fa6270fe2022-01-05 10:01:24.710root 11241100x80000000000000006955549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0649d1a7217939472022-01-05 10:01:24.710root 11241100x80000000000000006955550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb65a71534deacf2022-01-05 10:01:24.710root 11241100x80000000000000006955551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde37d1b66d48d262022-01-05 10:01:24.710root 11241100x80000000000000006955552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d401f23018d6912022-01-05 10:01:24.711root 11241100x80000000000000006955553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936a9a13c78b313b2022-01-05 10:01:24.711root 11241100x80000000000000006955554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02c9a5518c5d7a12022-01-05 10:01:24.711root 11241100x80000000000000006955555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e919ee6c14b888092022-01-05 10:01:24.711root 11241100x80000000000000006955556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88831f83f0811bc62022-01-05 10:01:24.711root 11241100x80000000000000006955557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891d3fd9122539892022-01-05 10:01:24.711root 11241100x80000000000000006955558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a8bed512ecac262022-01-05 10:01:24.711root 11241100x80000000000000006955559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8533f56581872d2022-01-05 10:01:24.711root 11241100x80000000000000006955560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9af29047ddb963e2022-01-05 10:01:24.711root 11241100x80000000000000006955561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846b55a18df2a76a2022-01-05 10:01:24.711root 11241100x80000000000000006955562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e1c3f4f9e54a842022-01-05 10:01:24.711root 11241100x80000000000000006955563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13375a917dae5862022-01-05 10:01:24.711root 11241100x80000000000000006955564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3732a85b381c9262022-01-05 10:01:24.711root 11241100x80000000000000006955565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01001d409e0869b2022-01-05 10:01:24.711root 11241100x80000000000000006955566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b453add1ea44e6132022-01-05 10:01:24.711root 11241100x80000000000000006955567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a94473dff23fce2022-01-05 10:01:24.712root 11241100x80000000000000006955568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118c7143b82cf7602022-01-05 10:01:24.712root 11241100x80000000000000006955569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234254a1bc07d3ff2022-01-05 10:01:24.712root 11241100x80000000000000006955570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138b42d9a29ae8872022-01-05 10:01:24.712root 11241100x80000000000000006955571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d214b152c173fcfa2022-01-05 10:01:24.712root 11241100x80000000000000006955572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1c39148ca3821e2022-01-05 10:01:24.712root 11241100x80000000000000006955573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6d40adaddfe7b72022-01-05 10:01:24.712root 11241100x80000000000000006955574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ededa5ef0438ea7f2022-01-05 10:01:25.210root 11241100x80000000000000006955575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2909656e2267fc2022-01-05 10:01:25.210root 11241100x80000000000000006955576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d436cae99ef767b2022-01-05 10:01:25.210root 11241100x80000000000000006955577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffdb10ebe2ea39d2022-01-05 10:01:25.210root 11241100x80000000000000006955578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16559a71e7047f32022-01-05 10:01:25.211root 11241100x80000000000000006955579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befe6039c25ff6722022-01-05 10:01:25.211root 11241100x80000000000000006955580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0327297968f20bb2022-01-05 10:01:25.211root 11241100x80000000000000006955581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eef5de04e9ba102022-01-05 10:01:25.211root 11241100x80000000000000006955582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa7b2c234e1a7122022-01-05 10:01:25.211root 11241100x80000000000000006955583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6e185f93b08c672022-01-05 10:01:25.211root 11241100x80000000000000006955584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0c3f021f90aa8f2022-01-05 10:01:25.211root 11241100x80000000000000006955585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845b87d29f4347f42022-01-05 10:01:25.211root 11241100x80000000000000006955586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb10900cd4059f52022-01-05 10:01:25.211root 11241100x80000000000000006955587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c80b8b7df56a042022-01-05 10:01:25.211root 11241100x80000000000000006955588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccb88d521e1b2222022-01-05 10:01:25.211root 11241100x80000000000000006955589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c183c8d6fdfa9a12022-01-05 10:01:25.211root 11241100x80000000000000006955590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225a77bc80550bc52022-01-05 10:01:25.211root 11241100x80000000000000006955591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcacc8882d00af12022-01-05 10:01:25.211root 11241100x80000000000000006955592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a800b18060a16c32022-01-05 10:01:25.211root 11241100x80000000000000006955593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dc9765deb921302022-01-05 10:01:25.212root 11241100x80000000000000006955594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f46ef5bd8d023282022-01-05 10:01:25.212root 11241100x80000000000000006955595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0db22b03340876a2022-01-05 10:01:25.212root 11241100x80000000000000006955596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2392164cbc0bdca2022-01-05 10:01:25.212root 11241100x80000000000000006955597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30df07b319b1158e2022-01-05 10:01:25.212root 11241100x80000000000000006955598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52f1a804a37c1422022-01-05 10:01:25.212root 11241100x80000000000000006955599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81a6980ad8666142022-01-05 10:01:25.212root 11241100x80000000000000006955600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052d0750d8d35f532022-01-05 10:01:25.212root 11241100x80000000000000006955601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40db92a84bd2eb62022-01-05 10:01:25.710root 11241100x80000000000000006955602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34a0a981ed1e2162022-01-05 10:01:25.710root 11241100x80000000000000006955603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce97fe762a3a1912022-01-05 10:01:25.710root 11241100x80000000000000006955604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c43e4e7d61f4b72022-01-05 10:01:25.710root 11241100x80000000000000006955605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04ed2969cc684862022-01-05 10:01:25.710root 11241100x80000000000000006955606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741c0aea03b5bf092022-01-05 10:01:25.711root 11241100x80000000000000006955607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de021ce853720afa2022-01-05 10:01:25.711root 11241100x80000000000000006955608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259c102b02a3241e2022-01-05 10:01:25.711root 11241100x80000000000000006955609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a311fed55370c12022-01-05 10:01:25.711root 11241100x80000000000000006955610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6059e988383574312022-01-05 10:01:25.711root 11241100x80000000000000006955611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96001cf84bbd19c82022-01-05 10:01:25.711root 11241100x80000000000000006955612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bc60cdb56ff9b02022-01-05 10:01:25.711root 11241100x80000000000000006955613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e914bb765ff6bb2022-01-05 10:01:25.711root 11241100x80000000000000006955614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3417f49df7c0bdf62022-01-05 10:01:25.711root 11241100x80000000000000006955615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4138a9725e2cdbba2022-01-05 10:01:25.711root 11241100x80000000000000006955616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3af093746931362022-01-05 10:01:25.711root 11241100x80000000000000006955617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04105cdfb1bc77c92022-01-05 10:01:25.711root 11241100x80000000000000006955618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38aa2dfde1fe0d722022-01-05 10:01:25.711root 11241100x80000000000000006955619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e3a62167a067db2022-01-05 10:01:25.711root 11241100x80000000000000006955620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051c44b5b86300672022-01-05 10:01:25.711root 11241100x80000000000000006955621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9b4582178048642022-01-05 10:01:25.712root 11241100x80000000000000006955622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129d6865b6be72f42022-01-05 10:01:25.712root 11241100x80000000000000006955623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a1c54d1d30dd882022-01-05 10:01:25.712root 11241100x80000000000000006955624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d41672947f24bc32022-01-05 10:01:25.712root 11241100x80000000000000006955625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb68c9bb6ea66fdb2022-01-05 10:01:25.712root 11241100x80000000000000006955626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecf333025f184682022-01-05 10:01:25.712root 11241100x80000000000000006955627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2482817994f8321f2022-01-05 10:01:25.712root 11241100x80000000000000006955628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bc8b647d8f6a9b2022-01-05 10:01:26.210root 11241100x80000000000000006955629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3078320dc90bf792022-01-05 10:01:26.210root 11241100x80000000000000006955630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d277a80e5dc8a0b2022-01-05 10:01:26.210root 11241100x80000000000000006955631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd30c67066fbb4f2022-01-05 10:01:26.211root 11241100x80000000000000006955632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e966c4dec0a1b82022-01-05 10:01:26.211root 11241100x80000000000000006955633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029f631b861bc29a2022-01-05 10:01:26.211root 11241100x80000000000000006955634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afda9b648cec8522022-01-05 10:01:26.211root 11241100x80000000000000006955635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daceabc371476c012022-01-05 10:01:26.211root 11241100x80000000000000006955636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcd2fb8d36533622022-01-05 10:01:26.211root 11241100x80000000000000006955637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e077e385a6ec9982022-01-05 10:01:26.211root 11241100x80000000000000006955638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500f6ebb9e7fd8b12022-01-05 10:01:26.211root 11241100x80000000000000006955639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b10817258b38202022-01-05 10:01:26.211root 11241100x80000000000000006955640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df12ae31d55f8a6b2022-01-05 10:01:26.211root 11241100x80000000000000006955641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0915a2227cbbf6002022-01-05 10:01:26.211root 11241100x80000000000000006955642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d02761a4cfe5d12022-01-05 10:01:26.211root 11241100x80000000000000006955643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca805d2058d4e1b2022-01-05 10:01:26.211root 11241100x80000000000000006955644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9754185f90ef7b2022-01-05 10:01:26.211root 11241100x80000000000000006955645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19eed234734b49cb2022-01-05 10:01:26.211root 11241100x80000000000000006955646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf4b4bd643b98552022-01-05 10:01:26.212root 11241100x80000000000000006955647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec203abb96cec04a2022-01-05 10:01:26.212root 11241100x80000000000000006955648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4d6156052288aa2022-01-05 10:01:26.212root 11241100x80000000000000006955649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef100527ae684b4d2022-01-05 10:01:26.212root 11241100x80000000000000006955650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67617e765d7bd472022-01-05 10:01:26.212root 11241100x80000000000000006955651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66cce4046a77ddc2022-01-05 10:01:26.212root 11241100x80000000000000006955652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998b3e31a35416862022-01-05 10:01:26.212root 11241100x80000000000000006955653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cb463c8bf2180e2022-01-05 10:01:26.212root 11241100x80000000000000006955654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f145afd21d125862022-01-05 10:01:26.212root 11241100x80000000000000006955655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b522f88b839303d52022-01-05 10:01:26.710root 11241100x80000000000000006955656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a303c3188d4e70322022-01-05 10:01:26.710root 11241100x80000000000000006955657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162d286d0758ba2f2022-01-05 10:01:26.710root 11241100x80000000000000006955658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a887f7edef8031d2022-01-05 10:01:26.710root 11241100x80000000000000006955659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acaf14465ab82cb02022-01-05 10:01:26.710root 11241100x80000000000000006955660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dccb8605577b692022-01-05 10:01:26.710root 11241100x80000000000000006955661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dbac70d9c014952022-01-05 10:01:26.710root 11241100x80000000000000006955662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16499cd8ee150b112022-01-05 10:01:26.711root 11241100x80000000000000006955663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57002a5073e94172022-01-05 10:01:26.711root 11241100x80000000000000006955664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bfae7e92e4127f2022-01-05 10:01:26.711root 11241100x80000000000000006955665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447bdfd6806ba8c72022-01-05 10:01:26.711root 11241100x80000000000000006955666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9520975a397fa72022-01-05 10:01:26.711root 11241100x80000000000000006955667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffef10eaaf39bff2022-01-05 10:01:26.711root 11241100x80000000000000006955668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08be1df6b9b042c32022-01-05 10:01:26.711root 11241100x80000000000000006955669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbf8d2d45bd3e4e2022-01-05 10:01:26.711root 11241100x80000000000000006955670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5a60cf5701d1c82022-01-05 10:01:26.711root 11241100x80000000000000006955671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349eabe74154c9442022-01-05 10:01:26.711root 11241100x80000000000000006955672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46eba62efe5ac5242022-01-05 10:01:26.711root 11241100x80000000000000006955673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1d2ed87ced784f2022-01-05 10:01:26.711root 11241100x80000000000000006955674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c7fb6e1e8cc03a2022-01-05 10:01:26.711root 11241100x80000000000000006955675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832a1742b843adb52022-01-05 10:01:26.711root 11241100x80000000000000006955676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f91a8978a5790d12022-01-05 10:01:26.711root 11241100x80000000000000006955677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae9d2c5975e763e2022-01-05 10:01:26.712root 11241100x80000000000000006955678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298fc97d4086a10c2022-01-05 10:01:26.712root 11241100x80000000000000006955679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f577cabc85aa512022-01-05 10:01:26.712root 11241100x80000000000000006955680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b1b6c5f93b93fe2022-01-05 10:01:26.712root 11241100x80000000000000006955681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0959715ee768d00e2022-01-05 10:01:26.712root 11241100x80000000000000006955682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2832b20be7fc88b2022-01-05 10:01:27.210root 11241100x80000000000000006955683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02711babd78eaf5b2022-01-05 10:01:27.210root 11241100x80000000000000006955684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e5eb5bf75c39a72022-01-05 10:01:27.210root 11241100x80000000000000006955685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ec16f55bd644922022-01-05 10:01:27.210root 11241100x80000000000000006955686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed0d3c1601052362022-01-05 10:01:27.210root 11241100x80000000000000006955687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b23828f2217a7502022-01-05 10:01:27.211root 11241100x80000000000000006955688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68331d6be41b7f9e2022-01-05 10:01:27.211root 11241100x80000000000000006955689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7906a0f88b8a022022-01-05 10:01:27.211root 11241100x80000000000000006955690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b7566321ad2d2e2022-01-05 10:01:27.211root 11241100x80000000000000006955691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8cc3af730a3c792022-01-05 10:01:27.211root 11241100x80000000000000006955692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1a2f6db357f2d22022-01-05 10:01:27.211root 11241100x80000000000000006955693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f6c5ea698a9b8a2022-01-05 10:01:27.211root 11241100x80000000000000006955694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f04861242faf9772022-01-05 10:01:27.211root 11241100x80000000000000006955695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6315c63b5471eb342022-01-05 10:01:27.211root 11241100x80000000000000006955696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5872b2a91a27cbf2022-01-05 10:01:27.211root 11241100x80000000000000006955697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0e03a44e2efcab2022-01-05 10:01:27.211root 11241100x80000000000000006955698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7596f583cc4373062022-01-05 10:01:27.211root 11241100x80000000000000006955699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e2b89ddb18d1682022-01-05 10:01:27.211root 11241100x80000000000000006955700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da62a4f89143a8872022-01-05 10:01:27.212root 11241100x80000000000000006955701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a0d87880a886372022-01-05 10:01:27.212root 11241100x80000000000000006955702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29e7af01961c87b2022-01-05 10:01:27.212root 11241100x80000000000000006955703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98544c21092863802022-01-05 10:01:27.212root 11241100x80000000000000006955704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafd2fbfe25a14fe2022-01-05 10:01:27.212root 11241100x80000000000000006955705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6a834e0f8e0e8b2022-01-05 10:01:27.212root 11241100x80000000000000006955706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e01e620cf74b6f2022-01-05 10:01:27.212root 11241100x80000000000000006955707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040310691368c9702022-01-05 10:01:27.212root 11241100x80000000000000006955708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a9e342056e42902022-01-05 10:01:27.212root 11241100x80000000000000006955709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d727138071d1dec2022-01-05 10:01:27.710root 11241100x80000000000000006955710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f2ec37ef02154b2022-01-05 10:01:27.710root 11241100x80000000000000006955711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e2ca589e9147032022-01-05 10:01:27.710root 11241100x80000000000000006955712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a99ddccdcfa3fe2022-01-05 10:01:27.710root 11241100x80000000000000006955713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ecc2b7a28ac6c12022-01-05 10:01:27.710root 11241100x80000000000000006955714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b3473b833872a52022-01-05 10:01:27.710root 11241100x80000000000000006955715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b5a19276be30da2022-01-05 10:01:27.710root 11241100x80000000000000006955716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71887ab1ed7fdee12022-01-05 10:01:27.710root 11241100x80000000000000006955717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af24c645d57facc12022-01-05 10:01:27.711root 11241100x80000000000000006955718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e030eb645525c6d2022-01-05 10:01:27.711root 11241100x80000000000000006955719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734c82a132c6c8622022-01-05 10:01:27.711root 11241100x80000000000000006955720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407c1b05a894c07d2022-01-05 10:01:27.711root 11241100x80000000000000006955721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dedb37351e125f2022-01-05 10:01:27.711root 11241100x80000000000000006955722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ff70634265e3e92022-01-05 10:01:27.711root 11241100x80000000000000006955723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31ebc371a9f11372022-01-05 10:01:27.711root 11241100x80000000000000006955724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccfe55305f217d72022-01-05 10:01:27.711root 11241100x80000000000000006955725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c50e6bb4bb63e4e2022-01-05 10:01:27.711root 11241100x80000000000000006955726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268a76142c1e6a6e2022-01-05 10:01:27.711root 11241100x80000000000000006955727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538d030bac02c5e02022-01-05 10:01:27.711root 11241100x80000000000000006955728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808503178f00a5492022-01-05 10:01:27.711root 11241100x80000000000000006955729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324e64401a5395b52022-01-05 10:01:27.711root 11241100x80000000000000006955730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1627d897b2fa042022-01-05 10:01:27.711root 11241100x80000000000000006955731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45ac2db63d7c5452022-01-05 10:01:27.711root 11241100x80000000000000006955732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7107d7cd9f451b2022-01-05 10:01:27.712root 11241100x80000000000000006955733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9422b654d7702d2022-01-05 10:01:27.712root 11241100x80000000000000006955734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de5ef1474e4ddb22022-01-05 10:01:27.712root 11241100x80000000000000006955735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80161801ce8858a72022-01-05 10:01:27.712root 354300x80000000000000006955736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.112{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41684-false10.0.1.12-8000- 11241100x80000000000000006955737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1106452e9b499da42022-01-05 10:01:28.113root 11241100x80000000000000006955738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b2ccdf2fb5a1cd2022-01-05 10:01:28.113root 11241100x80000000000000006955739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af7e3e8cc7d014f2022-01-05 10:01:28.113root 11241100x80000000000000006955740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c92bfec2f8555ff2022-01-05 10:01:28.113root 11241100x80000000000000006955741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fcff2b944dce3f2022-01-05 10:01:28.113root 11241100x80000000000000006955742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c4cd82648cd8392022-01-05 10:01:28.114root 11241100x80000000000000006955743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f509a0ed559a7152022-01-05 10:01:28.114root 11241100x80000000000000006955744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5569d623a71d0f892022-01-05 10:01:28.114root 11241100x80000000000000006955745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157f24627f2dd3592022-01-05 10:01:28.114root 11241100x80000000000000006955746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414978db4acb74e12022-01-05 10:01:28.114root 11241100x80000000000000006955747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b974fe94408a7b3a2022-01-05 10:01:28.114root 11241100x80000000000000006955748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8725f85f8412c06b2022-01-05 10:01:28.115root 11241100x80000000000000006955749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577f0d4864ff0cb12022-01-05 10:01:28.115root 11241100x80000000000000006955750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb33d181f23ad0802022-01-05 10:01:28.116root 11241100x80000000000000006955751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945381026ca541d72022-01-05 10:01:28.116root 11241100x80000000000000006955752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0571bc0b2db0de742022-01-05 10:01:28.116root 11241100x80000000000000006955753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79235f48bf918442022-01-05 10:01:28.116root 11241100x80000000000000006955754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf45b32386c539a2022-01-05 10:01:28.117root 11241100x80000000000000006955755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ae1770dd289fec2022-01-05 10:01:28.117root 11241100x80000000000000006955756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcf88d522b330202022-01-05 10:01:28.117root 11241100x80000000000000006955757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202fb2c7879da0412022-01-05 10:01:28.117root 11241100x80000000000000006955758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fb89f06ec216af2022-01-05 10:01:28.117root 11241100x80000000000000006955759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da02b789e23c91762022-01-05 10:01:28.117root 11241100x80000000000000006955760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0702d11adaf4bcf02022-01-05 10:01:28.117root 11241100x80000000000000006955761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8187fba59a1a45b62022-01-05 10:01:28.117root 11241100x80000000000000006955762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec0753afd0144252022-01-05 10:01:28.117root 11241100x80000000000000006955763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebb4454913184b92022-01-05 10:01:28.117root 11241100x80000000000000006955764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a592305995a00832022-01-05 10:01:28.117root 11241100x80000000000000006955765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924b67ab8a4460992022-01-05 10:01:28.117root 11241100x80000000000000006955766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322adc1569184c7a2022-01-05 10:01:28.117root 11241100x80000000000000006955767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e20dbfae7fc50e2022-01-05 10:01:28.118root 11241100x80000000000000006955768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c0f84ebe3f02632022-01-05 10:01:28.118root 11241100x80000000000000006955769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61827326218ad6d42022-01-05 10:01:28.118root 11241100x80000000000000006955770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dfcc805a38dfe62022-01-05 10:01:28.118root 11241100x80000000000000006955771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d17d1ccc642cbd2022-01-05 10:01:28.118root 11241100x80000000000000006955772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f424719572c49c52022-01-05 10:01:28.460root 11241100x80000000000000006955773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d19781592e95552022-01-05 10:01:28.460root 11241100x80000000000000006955774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef5990aee6560ed2022-01-05 10:01:28.460root 11241100x80000000000000006955775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f5338eb63b2d6c2022-01-05 10:01:28.460root 11241100x80000000000000006955776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72346d7dc589c7272022-01-05 10:01:28.460root 11241100x80000000000000006955777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de8f8a3eeb4ba0b2022-01-05 10:01:28.460root 11241100x80000000000000006955778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6162f5a4da12a92022-01-05 10:01:28.460root 11241100x80000000000000006955779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a13d848bfb2f632022-01-05 10:01:28.461root 11241100x80000000000000006955780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f0157e900c329b2022-01-05 10:01:28.461root 11241100x80000000000000006955781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4393d60acae4aa922022-01-05 10:01:28.461root 11241100x80000000000000006955782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9bb736ca2a49192022-01-05 10:01:28.461root 11241100x80000000000000006955783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa0d3e13f3bce362022-01-05 10:01:28.461root 11241100x80000000000000006955784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845f33d7a46c13a92022-01-05 10:01:28.461root 11241100x80000000000000006955785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b099cf30a1097f0e2022-01-05 10:01:28.461root 11241100x80000000000000006955786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b566758f09b44c2022-01-05 10:01:28.461root 11241100x80000000000000006955787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd29b60de78890ee2022-01-05 10:01:28.461root 11241100x80000000000000006955788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0922f83690fa3bd62022-01-05 10:01:28.462root 11241100x80000000000000006955789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd9b27c177fbc2f2022-01-05 10:01:28.462root 11241100x80000000000000006955790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516ca1791512a4a32022-01-05 10:01:28.462root 11241100x80000000000000006955791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a203614fd643cd2022-01-05 10:01:28.462root 11241100x80000000000000006955792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428eb9bb5333d0b02022-01-05 10:01:28.462root 11241100x80000000000000006955793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e23eb49b8b7e3422022-01-05 10:01:28.463root 11241100x80000000000000006955794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a618bf3afed315842022-01-05 10:01:28.463root 11241100x80000000000000006955795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e6286cbe3063322022-01-05 10:01:28.463root 11241100x80000000000000006955796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b10285f3d1e3d562022-01-05 10:01:28.463root 11241100x80000000000000006955797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69216542d2ad46e32022-01-05 10:01:28.463root 11241100x80000000000000006955798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab50b0ef49610b02022-01-05 10:01:28.463root 11241100x80000000000000006955799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8a419a5bce82982022-01-05 10:01:28.463root 11241100x80000000000000006955800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82433e137803ac62022-01-05 10:01:28.959root 11241100x80000000000000006955801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27466b1ff42c2c312022-01-05 10:01:28.959root 11241100x80000000000000006955802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b054614ec21f4a62022-01-05 10:01:28.959root 11241100x80000000000000006955803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c50849f6959ffef2022-01-05 10:01:28.959root 11241100x80000000000000006955804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783c8bb0cc4721252022-01-05 10:01:28.959root 11241100x80000000000000006955805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9b574bf508e3392022-01-05 10:01:28.960root 11241100x80000000000000006955806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbca38968f80b392022-01-05 10:01:28.960root 11241100x80000000000000006955807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6c4f3414b00ee92022-01-05 10:01:28.960root 11241100x80000000000000006955808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe71219d84678982022-01-05 10:01:28.960root 11241100x80000000000000006955809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25fcda73dfc770e2022-01-05 10:01:28.960root 11241100x80000000000000006955810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa4c865ea6b95a82022-01-05 10:01:28.960root 11241100x80000000000000006955811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2bcbdc774ead502022-01-05 10:01:28.960root 11241100x80000000000000006955812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24209d3f38d188d2022-01-05 10:01:28.960root 11241100x80000000000000006955813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0044b8791f7d7aa72022-01-05 10:01:28.960root 11241100x80000000000000006955814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299a9994fecacd942022-01-05 10:01:28.960root 11241100x80000000000000006955815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2facd47c66c56ea42022-01-05 10:01:28.960root 11241100x80000000000000006955816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdcb98092442a1d2022-01-05 10:01:28.960root 11241100x80000000000000006955817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6144dbe22d9d462022-01-05 10:01:28.960root 11241100x80000000000000006955818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f0b814c62efa9c2022-01-05 10:01:28.960root 11241100x80000000000000006955819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33579eb559ded7802022-01-05 10:01:28.960root 11241100x80000000000000006955820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb3b621a48b1c682022-01-05 10:01:28.960root 11241100x80000000000000006955821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d493f15665aae75c2022-01-05 10:01:28.961root 11241100x80000000000000006955822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cad1f37522e8afc2022-01-05 10:01:28.961root 11241100x80000000000000006955823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c3cfd61da0ad762022-01-05 10:01:28.961root 11241100x80000000000000006955824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c610dff396991cb12022-01-05 10:01:28.961root 11241100x80000000000000006955825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37ebb82ca2f4af12022-01-05 10:01:28.961root 11241100x80000000000000006955826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da21788405d49e772022-01-05 10:01:28.961root 11241100x80000000000000006955827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62206777a1cabb62022-01-05 10:01:28.961root 11241100x80000000000000006955828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5156577bf63c2e892022-01-05 10:01:28.961root 11241100x80000000000000006955829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 10:01:29.221root 11241100x80000000000000006955830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8862dfd2224bca02022-01-05 10:01:29.222root 11241100x80000000000000006955831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803f1ec412b9e2f42022-01-05 10:01:29.222root 11241100x80000000000000006955832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7accb04b12e4c4c2022-01-05 10:01:29.222root 11241100x80000000000000006955833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab18db4f10d372562022-01-05 10:01:29.222root 11241100x80000000000000006955834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b8871a0d4e446a2022-01-05 10:01:29.222root 11241100x80000000000000006955835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c32674157a73102022-01-05 10:01:29.223root 11241100x80000000000000006955836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4aabe1681fbbc72022-01-05 10:01:29.223root 11241100x80000000000000006955837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2766aec5b0e390742022-01-05 10:01:29.223root 11241100x80000000000000006955838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ef0de6013c5e402022-01-05 10:01:29.223root 11241100x80000000000000006955839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0303425869f1ae742022-01-05 10:01:29.223root 11241100x80000000000000006955840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4783f5efe2f9ce8d2022-01-05 10:01:29.223root 11241100x80000000000000006955841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e8a9b091699d872022-01-05 10:01:29.223root 11241100x80000000000000006955842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5615d2e3043f4d102022-01-05 10:01:29.223root 11241100x80000000000000006955843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4582826d89caa16a2022-01-05 10:01:29.223root 11241100x80000000000000006955844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67217758d7d3f1ab2022-01-05 10:01:29.223root 11241100x80000000000000006955845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d08a5f91b84072a2022-01-05 10:01:29.223root 11241100x80000000000000006955846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9549ae6a6d0074d2022-01-05 10:01:29.223root 11241100x80000000000000006955847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34d996495d62e672022-01-05 10:01:29.223root 11241100x80000000000000006955848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44370cfc9c31b6cb2022-01-05 10:01:29.223root 11241100x80000000000000006955849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b73226083fbada62022-01-05 10:01:29.224root 11241100x80000000000000006955850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff219e27a223010e2022-01-05 10:01:29.224root 11241100x80000000000000006955851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8292401b215b74922022-01-05 10:01:29.224root 11241100x80000000000000006955852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f5b3f1a12114132022-01-05 10:01:29.224root 11241100x80000000000000006955853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c280c422d587f7632022-01-05 10:01:29.224root 11241100x80000000000000006955854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d167b86ba07e8f52022-01-05 10:01:29.224root 11241100x80000000000000006955855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0795655d2f2c57132022-01-05 10:01:29.224root 11241100x80000000000000006955856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1647e0dfd22c87622022-01-05 10:01:29.224root 11241100x80000000000000006955857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f980a978996cee22022-01-05 10:01:29.224root 11241100x80000000000000006955858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7efb302be6bf632022-01-05 10:01:29.224root 11241100x80000000000000006955859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9b1bcf739fa7d32022-01-05 10:01:29.224root 11241100x80000000000000006955860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476eaf91f6a9e6032022-01-05 10:01:29.224root 11241100x80000000000000006955861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db81ac665cabc99a2022-01-05 10:01:29.710root 11241100x80000000000000006955862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9add5fad6c14fc02022-01-05 10:01:29.711root 11241100x80000000000000006955863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378a8c5e0ce49fae2022-01-05 10:01:29.711root 11241100x80000000000000006955864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1977cfa6441a08e62022-01-05 10:01:29.712root 11241100x80000000000000006955865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbbeb17e5f22fb72022-01-05 10:01:29.712root 11241100x80000000000000006955866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1278a958d2c97c02022-01-05 10:01:29.712root 11241100x80000000000000006955867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eef91fb3f81ed4f2022-01-05 10:01:29.713root 11241100x80000000000000006955868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6c295102810fe62022-01-05 10:01:29.713root 11241100x80000000000000006955869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b594915f0e7931ab2022-01-05 10:01:29.713root 11241100x80000000000000006955870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb46f4e837db8a892022-01-05 10:01:29.713root 11241100x80000000000000006955871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7665a6707daab6dc2022-01-05 10:01:29.713root 11241100x80000000000000006955872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defeb7f02e70ccdb2022-01-05 10:01:29.713root 11241100x80000000000000006955873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdd19b34a0cdf842022-01-05 10:01:29.713root 11241100x80000000000000006955874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85832bf2c533a5602022-01-05 10:01:29.713root 11241100x80000000000000006955875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86de6bc388653d7f2022-01-05 10:01:29.713root 11241100x80000000000000006955876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d642012fa7af9b652022-01-05 10:01:29.714root 11241100x80000000000000006955877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd3932275688ea42022-01-05 10:01:29.714root 11241100x80000000000000006955878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3d0798fb4afb932022-01-05 10:01:29.714root 11241100x80000000000000006955879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b35506da1d115872022-01-05 10:01:29.714root 11241100x80000000000000006955880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706471fbc189adc92022-01-05 10:01:29.714root 11241100x80000000000000006955881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2e6c3a972f43732022-01-05 10:01:29.714root 11241100x80000000000000006955882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6709f93c5dc11f692022-01-05 10:01:29.714root 11241100x80000000000000006955883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c179787ea95fe98a2022-01-05 10:01:29.714root 11241100x80000000000000006955884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870ee103e863de162022-01-05 10:01:29.714root 11241100x80000000000000006955885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9835a7ee9035ec522022-01-05 10:01:29.714root 11241100x80000000000000006955886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941007c1aa4cc1c12022-01-05 10:01:29.714root 11241100x80000000000000006955887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3c295d2ffdbf4b2022-01-05 10:01:29.714root 11241100x80000000000000006955888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fcd947232cc5722022-01-05 10:01:29.714root 11241100x80000000000000006955889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79ed1251cc4a9272022-01-05 10:01:29.714root 11241100x80000000000000006955890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c3c61ef9d89ea52022-01-05 10:01:30.210root 11241100x80000000000000006955891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f643debc5fb8a1022022-01-05 10:01:30.210root 11241100x80000000000000006955892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81c74e64658867c2022-01-05 10:01:30.210root 11241100x80000000000000006955893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19dede5f9dbef23d2022-01-05 10:01:30.210root 11241100x80000000000000006955894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b79908681580d42022-01-05 10:01:30.211root 11241100x80000000000000006955895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184663d25ac7fceb2022-01-05 10:01:30.211root 11241100x80000000000000006955896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcae35c3fece1abb2022-01-05 10:01:30.211root 11241100x80000000000000006955897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373eb0c4f99b17752022-01-05 10:01:30.211root 11241100x80000000000000006955898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c216ba43e6a77b122022-01-05 10:01:30.211root 11241100x80000000000000006955899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8426969275931eac2022-01-05 10:01:30.211root 11241100x80000000000000006955900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc69dace0f2aed982022-01-05 10:01:30.211root 11241100x80000000000000006955901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d784292a98fb3732022-01-05 10:01:30.211root 11241100x80000000000000006955902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8333cc521787232022-01-05 10:01:30.211root 11241100x80000000000000006955903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c5212bb41b91072022-01-05 10:01:30.211root 11241100x80000000000000006955904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8214f82145ba3b7d2022-01-05 10:01:30.211root 11241100x80000000000000006955905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010b7ae40131c6b02022-01-05 10:01:30.211root 11241100x80000000000000006955906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f123e818a08c0f92022-01-05 10:01:30.211root 11241100x80000000000000006955907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378e5776f534a4d52022-01-05 10:01:30.211root 11241100x80000000000000006955908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a074abe938a78a642022-01-05 10:01:30.211root 11241100x80000000000000006955909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77610801892429592022-01-05 10:01:30.212root 11241100x80000000000000006955910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99232fb350c45f232022-01-05 10:01:30.212root 11241100x80000000000000006955911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80d70e27e4cc5532022-01-05 10:01:30.212root 11241100x80000000000000006955912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b210cab8911764b2022-01-05 10:01:30.212root 11241100x80000000000000006955913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2cdfd8835a342d2022-01-05 10:01:30.212root 11241100x80000000000000006955914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9171a14ce48d332022-01-05 10:01:30.212root 11241100x80000000000000006955915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8980997a9a4329612022-01-05 10:01:30.212root 11241100x80000000000000006955916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5283674e02dae3202022-01-05 10:01:30.212root 11241100x80000000000000006955917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacc1fb3da5d4d242022-01-05 10:01:30.212root 11241100x80000000000000006955918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8adf5f228e8cabc2022-01-05 10:01:30.212root 11241100x80000000000000006955919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbaf1f94ced74822022-01-05 10:01:30.710root 11241100x80000000000000006955920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7fb25ce4c6b4252022-01-05 10:01:30.710root 11241100x80000000000000006955921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd32247e03482dd12022-01-05 10:01:30.711root 11241100x80000000000000006955922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c75de4d672042042022-01-05 10:01:30.711root 11241100x80000000000000006955923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394e3ba10ae46ea92022-01-05 10:01:30.711root 11241100x80000000000000006955924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18ad74b469afa6d2022-01-05 10:01:30.711root 11241100x80000000000000006955925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66eb14a1515a1562022-01-05 10:01:30.711root 11241100x80000000000000006955926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09740935ce4bfbf12022-01-05 10:01:30.711root 11241100x80000000000000006955927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e3accbfa4d04be2022-01-05 10:01:30.711root 11241100x80000000000000006955928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8db21fb607d1f232022-01-05 10:01:30.712root 11241100x80000000000000006955929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a8bbd0c27614082022-01-05 10:01:30.712root 11241100x80000000000000006955930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf148152c0e287f2022-01-05 10:01:30.712root 11241100x80000000000000006955931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0ca5d7b539044f2022-01-05 10:01:30.712root 11241100x80000000000000006955932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcab0ce164f83d32022-01-05 10:01:30.712root 11241100x80000000000000006955933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a514f997cea60ce72022-01-05 10:01:30.712root 11241100x80000000000000006955934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b0bba7444e77e22022-01-05 10:01:30.712root 11241100x80000000000000006955935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07d815b44f25f272022-01-05 10:01:30.712root 11241100x80000000000000006955936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4c507d265e42e82022-01-05 10:01:30.712root 11241100x80000000000000006955937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d13415ccab835f2022-01-05 10:01:30.713root 11241100x80000000000000006955938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f272c653df3d45672022-01-05 10:01:30.713root 11241100x80000000000000006955939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac80dffd2028ab52022-01-05 10:01:30.713root 11241100x80000000000000006955940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27da0ea373a5b1c92022-01-05 10:01:30.713root 11241100x80000000000000006955941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3dbf1f1b567bac2022-01-05 10:01:30.713root 11241100x80000000000000006955942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f2a78d8084d4d02022-01-05 10:01:30.713root 11241100x80000000000000006955943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70519ebe42c6c4c92022-01-05 10:01:30.713root 11241100x80000000000000006955944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20f5f4e801ba1992022-01-05 10:01:30.713root 11241100x80000000000000006955945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb045eceb97e9932022-01-05 10:01:30.713root 11241100x80000000000000006955946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b192d61b764bb02022-01-05 10:01:30.713root 11241100x80000000000000006955947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7257b64a125719692022-01-05 10:01:30.714root 11241100x80000000000000006955948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6b178b1bfb965b2022-01-05 10:01:31.210root 11241100x80000000000000006955949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee90d3b8db1ef2bf2022-01-05 10:01:31.210root 11241100x80000000000000006955950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9226727af52b342022-01-05 10:01:31.210root 11241100x80000000000000006955951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0640f4c9028bf02022-01-05 10:01:31.210root 11241100x80000000000000006955952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4270863ba25d95a2022-01-05 10:01:31.210root 11241100x80000000000000006955953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9e0b1cff6b4cdf2022-01-05 10:01:31.210root 11241100x80000000000000006955954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9243c6545ee3ffbd2022-01-05 10:01:31.211root 11241100x80000000000000006955955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742220ba55df2b5f2022-01-05 10:01:31.211root 11241100x80000000000000006955956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8180fa56fbb1a4f02022-01-05 10:01:31.211root 11241100x80000000000000006955957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b032e97bdeeef512022-01-05 10:01:31.211root 11241100x80000000000000006955958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0264dc10f00c28512022-01-05 10:01:31.211root 11241100x80000000000000006955959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3050cf6742481c5b2022-01-05 10:01:31.211root 11241100x80000000000000006955960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a02f31b242f91e12022-01-05 10:01:31.211root 11241100x80000000000000006955961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb3f3d61c0ccd4b2022-01-05 10:01:31.211root 11241100x80000000000000006955962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd760325ec8298e2022-01-05 10:01:31.211root 11241100x80000000000000006955963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153ae386433342922022-01-05 10:01:31.211root 11241100x80000000000000006955964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cd3a9f438035082022-01-05 10:01:31.211root 11241100x80000000000000006955965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c22507436a482f82022-01-05 10:01:31.211root 11241100x80000000000000006955966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53230889e7cbc0c2022-01-05 10:01:31.211root 11241100x80000000000000006955967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac76fa5363bc52092022-01-05 10:01:31.211root 11241100x80000000000000006955968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960286b33a2fc4692022-01-05 10:01:31.211root 11241100x80000000000000006955969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9c7a17ba11fda42022-01-05 10:01:31.211root 11241100x80000000000000006955970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e5fb715dc8b9db2022-01-05 10:01:31.212root 11241100x80000000000000006955971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095d56cc643ea3c42022-01-05 10:01:31.212root 11241100x80000000000000006955972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c5bec22532f7522022-01-05 10:01:31.212root 11241100x80000000000000006955973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b027fc5c17ba7cc02022-01-05 10:01:31.212root 11241100x80000000000000006955974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e2e47a065f397c2022-01-05 10:01:31.212root 11241100x80000000000000006955975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da5d18ce5ba4f852022-01-05 10:01:31.212root 11241100x80000000000000006955976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615aca8fc23f24482022-01-05 10:01:31.212root 11241100x80000000000000006955977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb34580fce999a432022-01-05 10:01:31.710root 11241100x80000000000000006955978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8858fa64535d28e22022-01-05 10:01:31.710root 11241100x80000000000000006955979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523a330c47888e7a2022-01-05 10:01:31.710root 11241100x80000000000000006955980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5b93baf85ab9cf2022-01-05 10:01:31.710root 11241100x80000000000000006955981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbb25631291eed92022-01-05 10:01:31.710root 11241100x80000000000000006955982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879380ab8bcce83d2022-01-05 10:01:31.710root 11241100x80000000000000006955983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587bc8097f9984452022-01-05 10:01:31.711root 11241100x80000000000000006955984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e5249f1f370e652022-01-05 10:01:31.711root 11241100x80000000000000006955985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7895327858beb42c2022-01-05 10:01:31.711root 11241100x80000000000000006955986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1bbb55670284782022-01-05 10:01:31.711root 11241100x80000000000000006955987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c060cd3a99a0297a2022-01-05 10:01:31.711root 11241100x80000000000000006955988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d422cb593923d4c42022-01-05 10:01:31.711root 11241100x80000000000000006955989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22e47103bf652af2022-01-05 10:01:31.711root 11241100x80000000000000006955990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9b2ce885f7d3b22022-01-05 10:01:31.711root 11241100x80000000000000006955991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afdb9ad8c92c8ca2022-01-05 10:01:31.711root 11241100x80000000000000006955992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dabceef762f6222022-01-05 10:01:31.711root 11241100x80000000000000006955993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b830cbd76c52b92022-01-05 10:01:31.711root 11241100x80000000000000006955994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9f7055e51551522022-01-05 10:01:31.711root 11241100x80000000000000006955995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68146965a3625342022-01-05 10:01:31.711root 11241100x80000000000000006955996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993f89276576e4dd2022-01-05 10:01:31.711root 11241100x80000000000000006955997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a947a63f14270be2022-01-05 10:01:31.711root 11241100x80000000000000006955998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a750d331bb7987ed2022-01-05 10:01:31.711root 11241100x80000000000000006955999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc884281764285d72022-01-05 10:01:31.712root 11241100x80000000000000006956000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87d3c07660380522022-01-05 10:01:31.712root 11241100x80000000000000006956001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c3ce1dccc860d42022-01-05 10:01:31.712root 11241100x80000000000000006956002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2bf0fe745fce152022-01-05 10:01:31.712root 11241100x80000000000000006956003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4458b2cb6118e942022-01-05 10:01:31.712root 11241100x80000000000000006956004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57a70aaad692c5b2022-01-05 10:01:31.712root 11241100x80000000000000006956005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ef7c084cefa51c2022-01-05 10:01:31.712root 11241100x80000000000000006956006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519e7f978ce20dab2022-01-05 10:01:32.210root 11241100x80000000000000006956007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76089d0077c47282022-01-05 10:01:32.210root 11241100x80000000000000006956008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf36c92c7a1e6c752022-01-05 10:01:32.210root 11241100x80000000000000006956009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce41767cb52192d2022-01-05 10:01:32.210root 11241100x80000000000000006956010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4c0472e855616d2022-01-05 10:01:32.210root 11241100x80000000000000006956011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1bd0948bd5d67b2022-01-05 10:01:32.210root 11241100x80000000000000006956012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838355ad5afec6372022-01-05 10:01:32.211root 11241100x80000000000000006956013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d25dac5e76bebbf2022-01-05 10:01:32.211root 11241100x80000000000000006956014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33847da892e1737b2022-01-05 10:01:32.211root 11241100x80000000000000006956015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d609f9862c49a4b62022-01-05 10:01:32.211root 11241100x80000000000000006956016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1effaa0bd98774c62022-01-05 10:01:32.211root 11241100x80000000000000006956017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0632fe209bdc2f2022-01-05 10:01:32.211root 11241100x80000000000000006956018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a561e0e2c41e7a7e2022-01-05 10:01:32.211root 11241100x80000000000000006956019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5677c788656c73b2022-01-05 10:01:32.211root 11241100x80000000000000006956020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084690a2bc4dee1d2022-01-05 10:01:32.211root 11241100x80000000000000006956021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e8b25ad6c233a62022-01-05 10:01:32.211root 11241100x80000000000000006956022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d342a376e3592a9f2022-01-05 10:01:32.211root 11241100x80000000000000006956023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058d7c80315741f42022-01-05 10:01:32.211root 11241100x80000000000000006956024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c412474d3017ce2022-01-05 10:01:32.212root 11241100x80000000000000006956025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac5d5b06fd430eb2022-01-05 10:01:32.212root 11241100x80000000000000006956026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7b5710d96ec9d92022-01-05 10:01:32.212root 11241100x80000000000000006956027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e657bee5dbd30ec52022-01-05 10:01:32.212root 11241100x80000000000000006956028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51780ad92d8e9352022-01-05 10:01:32.212root 11241100x80000000000000006956029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560c32d0fff6d46d2022-01-05 10:01:32.212root 11241100x80000000000000006956030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58603af91f170512022-01-05 10:01:32.212root 11241100x80000000000000006956031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5550fcee4040fc2022-01-05 10:01:32.212root 11241100x80000000000000006956032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b559892b4fdb16d52022-01-05 10:01:32.212root 11241100x80000000000000006956033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292024727849fc092022-01-05 10:01:32.212root 11241100x80000000000000006956034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59a50a04947375d2022-01-05 10:01:32.212root 23542300x80000000000000006956035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.223{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006956036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2112f6e391eecd2022-01-05 10:01:32.710root 11241100x80000000000000006956037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19977eb7b36feaf62022-01-05 10:01:32.710root 11241100x80000000000000006956038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74713620da3b90ec2022-01-05 10:01:32.710root 11241100x80000000000000006956039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0e5501dd34f0652022-01-05 10:01:32.710root 11241100x80000000000000006956040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496c1037841597b32022-01-05 10:01:32.711root 11241100x80000000000000006956041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5ad9783297c9702022-01-05 10:01:32.711root 11241100x80000000000000006956042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006e24c9e9ab50662022-01-05 10:01:32.711root 11241100x80000000000000006956043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df9def772fe95572022-01-05 10:01:32.711root 11241100x80000000000000006956044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a67e240ead673bf2022-01-05 10:01:32.711root 11241100x80000000000000006956045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b51465d2faba5d02022-01-05 10:01:32.711root 11241100x80000000000000006956046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cf77ddd5dc46762022-01-05 10:01:32.711root 11241100x80000000000000006956047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bd09e54ae375262022-01-05 10:01:32.711root 11241100x80000000000000006956048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15c7903e7f377292022-01-05 10:01:32.711root 11241100x80000000000000006956049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8049825675e6522022-01-05 10:01:32.711root 11241100x80000000000000006956050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12f64ff7a62d42e2022-01-05 10:01:32.711root 11241100x80000000000000006956051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd871ab5e433be32022-01-05 10:01:32.711root 11241100x80000000000000006956052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973a4cbe8acba3652022-01-05 10:01:32.712root 11241100x80000000000000006956053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13341db97ab8bfd2022-01-05 10:01:32.712root 11241100x80000000000000006956054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e13893bb28440b22022-01-05 10:01:32.712root 11241100x80000000000000006956055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69401d3650219e582022-01-05 10:01:32.712root 11241100x80000000000000006956056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e164b3e45ffc082022-01-05 10:01:32.712root 11241100x80000000000000006956057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc69ec67acbb1a1b2022-01-05 10:01:32.712root 11241100x80000000000000006956058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1190c9e9821028842022-01-05 10:01:32.712root 11241100x80000000000000006956059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6ee3180460825d2022-01-05 10:01:32.712root 11241100x80000000000000006956060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49d07328dbac4192022-01-05 10:01:32.712root 11241100x80000000000000006956061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76be298a3ff4eb82022-01-05 10:01:32.712root 11241100x80000000000000006956062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0511162e8d65e022022-01-05 10:01:32.712root 11241100x80000000000000006956063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6364483ebd14df4e2022-01-05 10:01:32.712root 11241100x80000000000000006956064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c306642f6cf34282022-01-05 10:01:32.712root 11241100x80000000000000006956065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9695b7ed379fcbae2022-01-05 10:01:32.712root 11241100x80000000000000006956066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5e5be27c27032b2022-01-05 10:01:33.210root 11241100x80000000000000006956067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a03954493ba7972022-01-05 10:01:33.210root 11241100x80000000000000006956068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2615d809848a995b2022-01-05 10:01:33.210root 11241100x80000000000000006956069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e6b1e84cede2c92022-01-05 10:01:33.210root 11241100x80000000000000006956070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb3277f48edb1562022-01-05 10:01:33.210root 11241100x80000000000000006956071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe1a11e2b136b602022-01-05 10:01:33.211root 11241100x80000000000000006956072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1863defafa6883e2022-01-05 10:01:33.211root 11241100x80000000000000006956073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b4c35644662d3a2022-01-05 10:01:33.211root 11241100x80000000000000006956074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fc6cfb11825f562022-01-05 10:01:33.211root 11241100x80000000000000006956075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440afb6fe352310b2022-01-05 10:01:33.211root 11241100x80000000000000006956076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb355ecdc816fae2022-01-05 10:01:33.211root 11241100x80000000000000006956077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581da1394e4a14392022-01-05 10:01:33.211root 11241100x80000000000000006956078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f2106de096d91f2022-01-05 10:01:33.211root 11241100x80000000000000006956079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d935e568d385592022-01-05 10:01:33.211root 11241100x80000000000000006956080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4a59b17b28fa502022-01-05 10:01:33.211root 11241100x80000000000000006956081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd0f33c40b319632022-01-05 10:01:33.211root 11241100x80000000000000006956082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d711f3f401abb312022-01-05 10:01:33.211root 11241100x80000000000000006956083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69854fb65bf8515a2022-01-05 10:01:33.211root 11241100x80000000000000006956084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67ddb24acba8a3e2022-01-05 10:01:33.211root 11241100x80000000000000006956085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8b6d7cece9bb592022-01-05 10:01:33.211root 11241100x80000000000000006956086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9656d7c00a9f7c622022-01-05 10:01:33.211root 11241100x80000000000000006956087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59766ad4044e1b3f2022-01-05 10:01:33.212root 11241100x80000000000000006956088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c90b67df3a63502022-01-05 10:01:33.212root 11241100x80000000000000006956089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f536345ebb68d9922022-01-05 10:01:33.212root 11241100x80000000000000006956090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899b46eab6843f362022-01-05 10:01:33.212root 11241100x80000000000000006956091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c812f04a4b80def2022-01-05 10:01:33.212root 11241100x80000000000000006956092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbff0030ebb808992022-01-05 10:01:33.212root 11241100x80000000000000006956093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e92d94ffb542cd2022-01-05 10:01:33.213root 11241100x80000000000000006956094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e909d15e2cd5d2b62022-01-05 10:01:33.213root 11241100x80000000000000006956095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ad5a2af0a10c3c2022-01-05 10:01:33.213root 11241100x80000000000000006956096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4072b7a62cd2d7d2022-01-05 10:01:33.709root 11241100x80000000000000006956097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b85a72b70c1ac02022-01-05 10:01:33.709root 11241100x80000000000000006956098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd0c62c50d3b4532022-01-05 10:01:33.710root 11241100x80000000000000006956099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1334d333ffa4f7002022-01-05 10:01:33.710root 11241100x80000000000000006956100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72321df32fbcb222022-01-05 10:01:33.710root 11241100x80000000000000006956101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c4e1f8a15a35002022-01-05 10:01:33.710root 11241100x80000000000000006956102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb38f040ef9e68282022-01-05 10:01:33.710root 11241100x80000000000000006956103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1d991fe98fe7942022-01-05 10:01:33.711root 11241100x80000000000000006956104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91427e26f2321ddb2022-01-05 10:01:33.711root 11241100x80000000000000006956105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de49c023a993c262022-01-05 10:01:33.711root 11241100x80000000000000006956106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23e8abbe121473b2022-01-05 10:01:33.711root 11241100x80000000000000006956107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3890b0c35f4224b42022-01-05 10:01:33.711root 11241100x80000000000000006956108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4601a07f1f8c35352022-01-05 10:01:33.711root 11241100x80000000000000006956109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6f29c68a9a1d6e2022-01-05 10:01:33.711root 11241100x80000000000000006956110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cbe396d98d362e2022-01-05 10:01:33.712root 11241100x80000000000000006956111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88a27e3b525ab1e2022-01-05 10:01:33.712root 11241100x80000000000000006956112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3a1d5a08075c572022-01-05 10:01:33.712root 11241100x80000000000000006956113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c5edf2a4c952322022-01-05 10:01:33.712root 11241100x80000000000000006956114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8313124b44ff6df2022-01-05 10:01:33.712root 11241100x80000000000000006956115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2829ed21fe10208f2022-01-05 10:01:33.712root 11241100x80000000000000006956116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8bcc9b80268a832022-01-05 10:01:33.712root 11241100x80000000000000006956117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116f93934471fb672022-01-05 10:01:33.712root 11241100x80000000000000006956118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ab0fa11eaf26322022-01-05 10:01:33.712root 11241100x80000000000000006956119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f273a6cf8a9b8f682022-01-05 10:01:33.712root 11241100x80000000000000006956120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9f36303464c64f2022-01-05 10:01:33.713root 11241100x80000000000000006956121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19eb7ab1d0f46c892022-01-05 10:01:33.713root 11241100x80000000000000006956122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0528c9f602d8a7672022-01-05 10:01:33.713root 11241100x80000000000000006956123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb673b746d520002022-01-05 10:01:33.715root 11241100x80000000000000006956124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c5903c307cfd262022-01-05 10:01:33.715root 11241100x80000000000000006956125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558b242bb8775f312022-01-05 10:01:33.715root 11241100x80000000000000006956126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b929c3de1512f0722022-01-05 10:01:33.715root 11241100x80000000000000006956127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8690a613601e39862022-01-05 10:01:33.715root 11241100x80000000000000006956128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131350c0155bbbc92022-01-05 10:01:33.716root 354300x80000000000000006956129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.724{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42166-false10.0.1.12-8089- 354300x80000000000000006956130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.061{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41688-false10.0.1.12-8000- 11241100x80000000000000006956131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ebd1799cbc0f2f2022-01-05 10:01:34.062root 11241100x80000000000000006956132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8b5b2ef710a2192022-01-05 10:01:34.062root 11241100x80000000000000006956133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1003ec03a630623b2022-01-05 10:01:34.062root 11241100x80000000000000006956134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506d6946d416e4302022-01-05 10:01:34.062root 11241100x80000000000000006956135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af4320c9fc6083b2022-01-05 10:01:34.062root 11241100x80000000000000006956136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52898cea7a019ee2022-01-05 10:01:34.062root 11241100x80000000000000006956137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0433ff9512559342022-01-05 10:01:34.062root 11241100x80000000000000006956138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10146d7a75c2f3202022-01-05 10:01:34.063root 11241100x80000000000000006956139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0567e86e93823ddf2022-01-05 10:01:34.063root 11241100x80000000000000006956140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613b8810cac0581e2022-01-05 10:01:34.063root 11241100x80000000000000006956141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5d2c02dae785882022-01-05 10:01:34.063root 11241100x80000000000000006956142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c74adbe76ac4d392022-01-05 10:01:34.063root 11241100x80000000000000006956143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38886e33eeaadda2022-01-05 10:01:34.063root 11241100x80000000000000006956144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bfbf15547d98bf2022-01-05 10:01:34.063root 11241100x80000000000000006956145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5b88a9b250d3b52022-01-05 10:01:34.063root 11241100x80000000000000006956146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769416e6e928c7532022-01-05 10:01:34.063root 11241100x80000000000000006956147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c8107a67d0d54b2022-01-05 10:01:34.063root 11241100x80000000000000006956148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.064{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687522de3a9c3e162022-01-05 10:01:34.064root 11241100x80000000000000006956149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.064{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb9407102e64e162022-01-05 10:01:34.064root 11241100x80000000000000006956150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.064{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81f2af32b2128f32022-01-05 10:01:34.064root 11241100x80000000000000006956151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.064{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8611c17cd517b5b12022-01-05 10:01:34.064root 11241100x80000000000000006956152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.064{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0385eb66fec82012022-01-05 10:01:34.064root 11241100x80000000000000006956153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b27ae9881cada12022-01-05 10:01:34.065root 11241100x80000000000000006956154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680bfa17f934d8db2022-01-05 10:01:34.065root 11241100x80000000000000006956155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca7fde6c98934c32022-01-05 10:01:34.065root 11241100x80000000000000006956156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c55052cc2f72102022-01-05 10:01:34.065root 11241100x80000000000000006956157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8aa80d5fd3147de2022-01-05 10:01:34.065root 11241100x80000000000000006956158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598ba8b734600f382022-01-05 10:01:34.065root 11241100x80000000000000006956159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749d8bf9441266742022-01-05 10:01:34.065root 11241100x80000000000000006956160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdc9a20c85412b02022-01-05 10:01:34.065root 11241100x80000000000000006956161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05015be11641ee32022-01-05 10:01:34.065root 11241100x80000000000000006956162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a6ad6f22dd5b142022-01-05 10:01:34.065root 11241100x80000000000000006956163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8248e68c668cb5772022-01-05 10:01:34.066root 11241100x80000000000000006956164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a408c21988192d2022-01-05 10:01:34.066root 11241100x80000000000000006956165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce4e65806bb3ebc2022-01-05 10:01:34.066root 11241100x80000000000000006956166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9358c0b8b903cad2022-01-05 10:01:34.066root 11241100x80000000000000006956167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb588043d84692762022-01-05 10:01:34.066root 11241100x80000000000000006956168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d20848ff8b72022022-01-05 10:01:34.066root 11241100x80000000000000006956169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35aa64d212d747ca2022-01-05 10:01:34.066root 11241100x80000000000000006956170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1271df62691f11b42022-01-05 10:01:34.066root 11241100x80000000000000006956171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f18a34c1abe2bc2022-01-05 10:01:34.067root 11241100x80000000000000006956172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76aa7587dcaadc12022-01-05 10:01:34.067root 11241100x80000000000000006956173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d798d7cf8cd7242022-01-05 10:01:34.067root 11241100x80000000000000006956174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffac9067fbc0714e2022-01-05 10:01:34.067root 11241100x80000000000000006956175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c8f5cd75bddea92022-01-05 10:01:34.067root 11241100x80000000000000006956176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289bf6b364b9fa7a2022-01-05 10:01:34.067root 11241100x80000000000000006956177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c41a0242357f3b2022-01-05 10:01:34.067root 11241100x80000000000000006956178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.068{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8117b4bc536385d62022-01-05 10:01:34.068root 11241100x80000000000000006956179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.068{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce26300fe2e02c82022-01-05 10:01:34.068root 11241100x80000000000000006956180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.068{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92a148a76264c5e2022-01-05 10:01:34.068root 11241100x80000000000000006956181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.068{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a7b9fae078c39b2022-01-05 10:01:34.068root 11241100x80000000000000006956182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.068{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3499aad875d0d4112022-01-05 10:01:34.068root 11241100x80000000000000006956183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70fa4389d6ce3762022-01-05 10:01:34.069root 11241100x80000000000000006956184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e463f4cc714ac8b2022-01-05 10:01:34.069root 11241100x80000000000000006956185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a816ea89de2fff2022-01-05 10:01:34.069root 11241100x80000000000000006956186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e58093e34506ef2022-01-05 10:01:34.069root 11241100x80000000000000006956187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4462919d0f17d972022-01-05 10:01:34.069root 11241100x80000000000000006956188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acafe3036f4a69772022-01-05 10:01:34.070root 11241100x80000000000000006956189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fe782e29f5abf22022-01-05 10:01:34.070root 11241100x80000000000000006956190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbddeada6ac22bb2022-01-05 10:01:34.460root 11241100x80000000000000006956191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846b081c1f6d89c72022-01-05 10:01:34.460root 11241100x80000000000000006956192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20a93b11b399ad02022-01-05 10:01:34.460root 11241100x80000000000000006956193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8dd7a5f93cc8942022-01-05 10:01:34.461root 11241100x80000000000000006956194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325a536147a77f6b2022-01-05 10:01:34.461root 11241100x80000000000000006956195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2204ac05b273c792022-01-05 10:01:34.461root 11241100x80000000000000006956196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328ad4ccfc8fb2572022-01-05 10:01:34.461root 11241100x80000000000000006956197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932244518b611c572022-01-05 10:01:34.461root 11241100x80000000000000006956198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090ae7caae4842372022-01-05 10:01:34.461root 11241100x80000000000000006956199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c814f715d36bc6872022-01-05 10:01:34.461root 11241100x80000000000000006956200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe104884f1c95fc22022-01-05 10:01:34.461root 11241100x80000000000000006956201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9718f6cf6cd6de222022-01-05 10:01:34.461root 11241100x80000000000000006956202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d668e2ddde76fb2022-01-05 10:01:34.462root 11241100x80000000000000006956203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f431caddff8cbc2022-01-05 10:01:34.462root 11241100x80000000000000006956204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d5d534777a31012022-01-05 10:01:34.462root 11241100x80000000000000006956205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7330702ed884dde92022-01-05 10:01:34.462root 11241100x80000000000000006956206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18bc3e738fba0522022-01-05 10:01:34.462root 11241100x80000000000000006956207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94207298f23a63b2022-01-05 10:01:34.462root 11241100x80000000000000006956208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a0dc5d94b9d0e32022-01-05 10:01:34.462root 11241100x80000000000000006956209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b37abb88b3f2342022-01-05 10:01:34.462root 11241100x80000000000000006956210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069cb3ddac4376322022-01-05 10:01:34.462root 11241100x80000000000000006956211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea03e1f3c2d531c2022-01-05 10:01:34.462root 11241100x80000000000000006956212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac36b1393a4d12b2022-01-05 10:01:34.463root 11241100x80000000000000006956213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad8e756eeed5ce92022-01-05 10:01:34.463root 11241100x80000000000000006956214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff7bb6580ac6d6f2022-01-05 10:01:34.463root 11241100x80000000000000006956215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9304699ef02caa732022-01-05 10:01:34.463root 11241100x80000000000000006956216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d86a00b584cc35d2022-01-05 10:01:34.463root 11241100x80000000000000006956217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc413a5865135d022022-01-05 10:01:34.463root 11241100x80000000000000006956218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6af488d25c3cf22022-01-05 10:01:34.463root 11241100x80000000000000006956219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6a69166c8ccbb62022-01-05 10:01:34.463root 11241100x80000000000000006956220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1ce2f1c748fbe92022-01-05 10:01:34.463root 11241100x80000000000000006956221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b20acb11e2091342022-01-05 10:01:34.464root 11241100x80000000000000006956222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c7f9d97659f17a2022-01-05 10:01:34.960root 11241100x80000000000000006956223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6d4d5ebb1166632022-01-05 10:01:34.960root 11241100x80000000000000006956224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e1403c9b254bd22022-01-05 10:01:34.960root 11241100x80000000000000006956225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4a7d589b124a872022-01-05 10:01:34.960root 11241100x80000000000000006956226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9aef43bec9b0972022-01-05 10:01:34.961root 11241100x80000000000000006956227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01d539f382eb6f42022-01-05 10:01:34.961root 11241100x80000000000000006956228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41285faa0f3e7a852022-01-05 10:01:34.961root 11241100x80000000000000006956229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cff894f13c1a6a42022-01-05 10:01:34.961root 11241100x80000000000000006956230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78be82c705a780b42022-01-05 10:01:34.961root 11241100x80000000000000006956231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df180bf3052546452022-01-05 10:01:34.961root 11241100x80000000000000006956232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a5f4104dcd9df82022-01-05 10:01:34.961root 11241100x80000000000000006956233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dff78d2a84285642022-01-05 10:01:34.961root 11241100x80000000000000006956234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19506adb1850fa662022-01-05 10:01:34.961root 11241100x80000000000000006956235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e832cccb29e854f02022-01-05 10:01:34.961root 11241100x80000000000000006956236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dda3988ba252392022-01-05 10:01:34.962root 11241100x80000000000000006956237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bc1c482a2d82712022-01-05 10:01:34.962root 11241100x80000000000000006956238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a0b883b60271022022-01-05 10:01:34.962root 11241100x80000000000000006956239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d29a1e9cdb8de12022-01-05 10:01:34.962root 11241100x80000000000000006956240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae22dfd529ec5eea2022-01-05 10:01:34.962root 11241100x80000000000000006956241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e08f6a6e03f0eb2022-01-05 10:01:34.962root 11241100x80000000000000006956242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a828fde1292488322022-01-05 10:01:34.962root 11241100x80000000000000006956243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0221482932a1e42022-01-05 10:01:34.962root 11241100x80000000000000006956244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15852f60659b62492022-01-05 10:01:34.962root 11241100x80000000000000006956245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf7ba5fc99c8e502022-01-05 10:01:34.962root 11241100x80000000000000006956246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2574b4ccce61dbf2022-01-05 10:01:34.963root 11241100x80000000000000006956247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252f9819be5833ba2022-01-05 10:01:34.963root 11241100x80000000000000006956248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52f8b5e80c9e0572022-01-05 10:01:34.963root 11241100x80000000000000006956249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bb5ae0779e09512022-01-05 10:01:34.964root 11241100x80000000000000006956250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872a8343ec1bbb0c2022-01-05 10:01:34.964root 11241100x80000000000000006956251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e53b1df5f2a67c2022-01-05 10:01:34.964root 11241100x80000000000000006956252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dfda3d322a17a72022-01-05 10:01:34.964root 11241100x80000000000000006956253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51af2e7465526e532022-01-05 10:01:34.964root 11241100x80000000000000006956254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3b71426519a2c02022-01-05 10:01:35.460root 11241100x80000000000000006956255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b64f36c1676aef2022-01-05 10:01:35.460root 11241100x80000000000000006956256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c9a7e039d13a522022-01-05 10:01:35.460root 11241100x80000000000000006956257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00280b5aa808e8b2022-01-05 10:01:35.461root 11241100x80000000000000006956258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c08c8e208e89432022-01-05 10:01:35.461root 11241100x80000000000000006956259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4fc481687f08c62022-01-05 10:01:35.461root 11241100x80000000000000006956260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdcfcb58cdb02f32022-01-05 10:01:35.461root 11241100x80000000000000006956261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de886835612cf04e2022-01-05 10:01:35.461root 11241100x80000000000000006956262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c7b93d1fa1c8382022-01-05 10:01:35.461root 11241100x80000000000000006956263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5227a80240f83da02022-01-05 10:01:35.461root 11241100x80000000000000006956264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad4b58348ae9f562022-01-05 10:01:35.461root 11241100x80000000000000006956265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b33373ef8665ff2022-01-05 10:01:35.461root 11241100x80000000000000006956266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb3f83afe25def22022-01-05 10:01:35.461root 11241100x80000000000000006956267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233609e379c5b2032022-01-05 10:01:35.461root 11241100x80000000000000006956268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95d65ba8ac03d322022-01-05 10:01:35.462root 11241100x80000000000000006956269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3ca469781556de2022-01-05 10:01:35.462root 11241100x80000000000000006956270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d11a52436dd8fe2022-01-05 10:01:35.462root 11241100x80000000000000006956271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f722254aada4762022-01-05 10:01:35.462root 11241100x80000000000000006956272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad43b29e8a14e39b2022-01-05 10:01:35.462root 11241100x80000000000000006956273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89516c3582f7150c2022-01-05 10:01:35.462root 11241100x80000000000000006956274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd29586116919c2f2022-01-05 10:01:35.462root 11241100x80000000000000006956275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc7ace66489e29b2022-01-05 10:01:35.462root 11241100x80000000000000006956276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a040ec2db9eea6b2022-01-05 10:01:35.462root 11241100x80000000000000006956277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21b12d856383de52022-01-05 10:01:35.462root 11241100x80000000000000006956278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad21779efb2b9262022-01-05 10:01:35.462root 11241100x80000000000000006956279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5005b2e9223734f52022-01-05 10:01:35.462root 11241100x80000000000000006956280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df27e7139087a1e2022-01-05 10:01:35.462root 11241100x80000000000000006956281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a0ab72d001bc092022-01-05 10:01:35.462root 11241100x80000000000000006956282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4090bb2016e1fd2022-01-05 10:01:35.462root 11241100x80000000000000006956283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d32a0725fba6e302022-01-05 10:01:35.463root 11241100x80000000000000006956284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0324200b401c13632022-01-05 10:01:35.463root 11241100x80000000000000006956285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775cc43bc06167ab2022-01-05 10:01:35.463root 11241100x80000000000000006956286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e120739e47953e232022-01-05 10:01:35.960root 11241100x80000000000000006956287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a263e3bda8a5542022-01-05 10:01:35.960root 11241100x80000000000000006956288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbd20144c2b351c2022-01-05 10:01:35.961root 11241100x80000000000000006956289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6c5010502f7a152022-01-05 10:01:35.961root 11241100x80000000000000006956290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dff5bd0352104522022-01-05 10:01:35.961root 11241100x80000000000000006956291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0814976d9670d4882022-01-05 10:01:35.961root 11241100x80000000000000006956292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14a88887b9fe4ce2022-01-05 10:01:35.961root 11241100x80000000000000006956293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0104bf6827e15e922022-01-05 10:01:35.961root 11241100x80000000000000006956294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f477341b5a9ebdb72022-01-05 10:01:35.961root 11241100x80000000000000006956295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d8df3ffd6f20a52022-01-05 10:01:35.961root 11241100x80000000000000006956296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4174cca17b0d372022-01-05 10:01:35.961root 11241100x80000000000000006956297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a450b85478639cf2022-01-05 10:01:35.961root 11241100x80000000000000006956298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44921c2a1970e6202022-01-05 10:01:35.961root 11241100x80000000000000006956299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e5cd1dae1e3d422022-01-05 10:01:35.962root 11241100x80000000000000006956300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b44a5e548e1292b2022-01-05 10:01:35.962root 11241100x80000000000000006956301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1017350b6358e8312022-01-05 10:01:35.962root 11241100x80000000000000006956302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6199fa0a243881792022-01-05 10:01:35.962root 11241100x80000000000000006956303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b003db401a716192022-01-05 10:01:35.962root 11241100x80000000000000006956304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48db0f618d874aa92022-01-05 10:01:35.962root 11241100x80000000000000006956305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63666373ea2e83b82022-01-05 10:01:35.962root 11241100x80000000000000006956306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff8d0652f98ecb92022-01-05 10:01:35.962root 11241100x80000000000000006956307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d91f76512d22382022-01-05 10:01:35.962root 11241100x80000000000000006956308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81171ae83a1bd5992022-01-05 10:01:35.962root 11241100x80000000000000006956309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7113f9d8b47108002022-01-05 10:01:35.962root 11241100x80000000000000006956310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a100515b64653c0d2022-01-05 10:01:35.962root 11241100x80000000000000006956311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92df993a299f4cb12022-01-05 10:01:35.962root 11241100x80000000000000006956312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef18d1d3c2e13892022-01-05 10:01:35.962root 11241100x80000000000000006956313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec8b841e0666e722022-01-05 10:01:35.962root 11241100x80000000000000006956314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942e1978252c72bc2022-01-05 10:01:35.963root 11241100x80000000000000006956315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d834926ef9cc6c2022-01-05 10:01:35.963root 11241100x80000000000000006956316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9815ae17c4b90f7a2022-01-05 10:01:35.963root 11241100x80000000000000006956317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d49444ece7fdef2022-01-05 10:01:35.963root 11241100x80000000000000006956318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d3845f8107a2e12022-01-05 10:01:36.460root 11241100x80000000000000006956319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1472693615debbc2022-01-05 10:01:36.460root 11241100x80000000000000006956320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2eda56832dcdaa52022-01-05 10:01:36.460root 11241100x80000000000000006956321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e668fe954a58ab92022-01-05 10:01:36.460root 11241100x80000000000000006956322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f00175406566d1e2022-01-05 10:01:36.461root 11241100x80000000000000006956323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bd9913c2d4c8f82022-01-05 10:01:36.461root 11241100x80000000000000006956324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131113c91bc59f622022-01-05 10:01:36.461root 11241100x80000000000000006956325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef37fdf252e4f9782022-01-05 10:01:36.461root 11241100x80000000000000006956326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259f330b94db54ca2022-01-05 10:01:36.461root 11241100x80000000000000006956327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a703277de672ec2022-01-05 10:01:36.461root 11241100x80000000000000006956328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc3a3c97e8c49d22022-01-05 10:01:36.461root 11241100x80000000000000006956329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ebab4e91eedadf2022-01-05 10:01:36.461root 11241100x80000000000000006956330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802c0fefab25dc752022-01-05 10:01:36.461root 11241100x80000000000000006956331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e5bf6f3b6cac9f2022-01-05 10:01:36.462root 11241100x80000000000000006956332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c162ec2833dd9c62022-01-05 10:01:36.462root 11241100x80000000000000006956333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ea37aea081cf5c2022-01-05 10:01:36.462root 11241100x80000000000000006956334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeac23dacee05a02022-01-05 10:01:36.462root 11241100x80000000000000006956335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80379fc34c5b7fe92022-01-05 10:01:36.462root 11241100x80000000000000006956336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6c698ae08b82c12022-01-05 10:01:36.462root 11241100x80000000000000006956337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3f3c8ea7f2912e2022-01-05 10:01:36.462root 11241100x80000000000000006956338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8f90bbd0afc6362022-01-05 10:01:36.462root 11241100x80000000000000006956339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c79efdca600aef62022-01-05 10:01:36.462root 11241100x80000000000000006956340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0542b4d9ef08f13a2022-01-05 10:01:36.462root 11241100x80000000000000006956341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475913f2eb93af3d2022-01-05 10:01:36.463root 11241100x80000000000000006956342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f7d15477ca31d52022-01-05 10:01:36.463root 11241100x80000000000000006956343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55321896fe4285ce2022-01-05 10:01:36.463root 11241100x80000000000000006956344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb442e1567e903e32022-01-05 10:01:36.463root 11241100x80000000000000006956345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fe07c08a97cdc22022-01-05 10:01:36.463root 11241100x80000000000000006956346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86fd062dcf3e3d32022-01-05 10:01:36.463root 11241100x80000000000000006956347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37e25b0f79e8c502022-01-05 10:01:36.463root 11241100x80000000000000006956348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c26a8edc400f162022-01-05 10:01:36.463root 11241100x80000000000000006956349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb90036f9f45b8d2022-01-05 10:01:36.463root 11241100x80000000000000006956350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897e56f56a876af42022-01-05 10:01:36.960root 11241100x80000000000000006956351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3ebaa2cd3c59442022-01-05 10:01:36.960root 11241100x80000000000000006956352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083adb8e22601f0e2022-01-05 10:01:36.960root 11241100x80000000000000006956353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e654830992783b922022-01-05 10:01:36.960root 11241100x80000000000000006956354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac3ceaf1c512fd22022-01-05 10:01:36.960root 11241100x80000000000000006956355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601161f3c04ba6092022-01-05 10:01:36.961root 11241100x80000000000000006956356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264e1f92a71a64392022-01-05 10:01:36.961root 11241100x80000000000000006956357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71b5f64a71d1bc52022-01-05 10:01:36.961root 11241100x80000000000000006956358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b7a8d82c5b36b02022-01-05 10:01:36.961root 11241100x80000000000000006956359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c9d6584e8397502022-01-05 10:01:36.961root 11241100x80000000000000006956360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e1ab9d12e01c7f2022-01-05 10:01:36.961root 11241100x80000000000000006956361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a63ce7a07d904072022-01-05 10:01:36.961root 11241100x80000000000000006956362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fc0fbc9300816a2022-01-05 10:01:36.961root 11241100x80000000000000006956363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619cdc43b310cd172022-01-05 10:01:36.961root 11241100x80000000000000006956364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60884fdb8a1a41a32022-01-05 10:01:36.961root 11241100x80000000000000006956365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087d16367aa606602022-01-05 10:01:36.962root 11241100x80000000000000006956366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5568dea4ec9460592022-01-05 10:01:36.962root 11241100x80000000000000006956367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d8adf9e57a07702022-01-05 10:01:36.962root 11241100x80000000000000006956368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70ef59fdadafbc52022-01-05 10:01:36.962root 11241100x80000000000000006956369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7d11571cb2ab892022-01-05 10:01:36.962root 11241100x80000000000000006956370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bf0b4de6b9ec0c2022-01-05 10:01:36.962root 11241100x80000000000000006956371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8fe843956e3e872022-01-05 10:01:36.962root 11241100x80000000000000006956372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b22908af38e8f7f2022-01-05 10:01:36.962root 11241100x80000000000000006956373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753b28150abbc04e2022-01-05 10:01:36.962root 11241100x80000000000000006956374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed25dff6928f2712022-01-05 10:01:36.963root 11241100x80000000000000006956375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8e738c0723142a2022-01-05 10:01:36.963root 11241100x80000000000000006956376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd8ca284312d2a72022-01-05 10:01:36.963root 11241100x80000000000000006956377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c9c5e71752b25c2022-01-05 10:01:36.963root 11241100x80000000000000006956378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d6e6c9a021e2092022-01-05 10:01:36.963root 11241100x80000000000000006956379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d36cfd5b325d8e32022-01-05 10:01:36.963root 11241100x80000000000000006956380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3eb36a685cf5ce2022-01-05 10:01:36.963root 11241100x80000000000000006956381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f6129aa979ba712022-01-05 10:01:36.963root 11241100x80000000000000006956382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769171c1dd1d83762022-01-05 10:01:37.460root 11241100x80000000000000006956383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4095f56c782099f92022-01-05 10:01:37.460root 11241100x80000000000000006956384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c84fc6c5f8ea4c2022-01-05 10:01:37.460root 11241100x80000000000000006956385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f988cb6ee345532022-01-05 10:01:37.461root 11241100x80000000000000006956386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd66f83a22d3df052022-01-05 10:01:37.461root 11241100x80000000000000006956387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065963f0e645b4b02022-01-05 10:01:37.461root 11241100x80000000000000006956388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efd3627c31fac0f2022-01-05 10:01:37.461root 11241100x80000000000000006956389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac077a80dead326f2022-01-05 10:01:37.461root 11241100x80000000000000006956390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a21ac33c6c22c292022-01-05 10:01:37.461root 11241100x80000000000000006956391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2655a307d6ed7922022-01-05 10:01:37.461root 11241100x80000000000000006956392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d34bd07fee2aa62022-01-05 10:01:37.461root 11241100x80000000000000006956393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9328e98db8cc84232022-01-05 10:01:37.461root 11241100x80000000000000006956394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c070fbe18e83e2712022-01-05 10:01:37.462root 11241100x80000000000000006956395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b7a82853870b452022-01-05 10:01:37.462root 11241100x80000000000000006956396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc34b3ccf047fe422022-01-05 10:01:37.462root 11241100x80000000000000006956397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61a8d0f9532fec82022-01-05 10:01:37.462root 11241100x80000000000000006956398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b274290843e2c72022-01-05 10:01:37.462root 11241100x80000000000000006956399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779e9ff176ae59b42022-01-05 10:01:37.462root 11241100x80000000000000006956400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11c0faff171d9402022-01-05 10:01:37.462root 11241100x80000000000000006956401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88e09f494febda62022-01-05 10:01:37.462root 11241100x80000000000000006956402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717bd6a66248c35d2022-01-05 10:01:37.462root 11241100x80000000000000006956403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71351602ad5cefd42022-01-05 10:01:37.462root 11241100x80000000000000006956404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69dcc1eeed45ae82022-01-05 10:01:37.463root 11241100x80000000000000006956405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32505940436f4b142022-01-05 10:01:37.463root 11241100x80000000000000006956406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504280778839db8f2022-01-05 10:01:37.463root 11241100x80000000000000006956407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0c44f411be35d32022-01-05 10:01:37.463root 11241100x80000000000000006956408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e0593f3120ea6d2022-01-05 10:01:37.463root 11241100x80000000000000006956409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a5f66d67440dc72022-01-05 10:01:37.463root 11241100x80000000000000006956410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9557f797079c601d2022-01-05 10:01:37.463root 11241100x80000000000000006956411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2c2aed1a8700922022-01-05 10:01:37.463root 11241100x80000000000000006956412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76d5ceaf0b64d152022-01-05 10:01:37.463root 11241100x80000000000000006956413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1eda93170cbfea2022-01-05 10:01:37.463root 11241100x80000000000000006956414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e4b9ff9d0953432022-01-05 10:01:37.960root 11241100x80000000000000006956415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3242049750b586762022-01-05 10:01:37.960root 11241100x80000000000000006956416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dc6d8867b6a6a92022-01-05 10:01:37.960root 11241100x80000000000000006956417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc7572bc761a5f22022-01-05 10:01:37.961root 11241100x80000000000000006956418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875e8c885502cf012022-01-05 10:01:37.961root 11241100x80000000000000006956419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e652ec533176f122022-01-05 10:01:37.961root 11241100x80000000000000006956420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce94a21ee8acb5db2022-01-05 10:01:37.961root 11241100x80000000000000006956421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97cbfe6bcb17e622022-01-05 10:01:37.961root 11241100x80000000000000006956422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f80e43b95ba35a2022-01-05 10:01:37.961root 11241100x80000000000000006956423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b0ac698b6e9fea2022-01-05 10:01:37.961root 11241100x80000000000000006956424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479db16db08d4f462022-01-05 10:01:37.961root 11241100x80000000000000006956425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45771375f0d1abfc2022-01-05 10:01:37.962root 11241100x80000000000000006956426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ee2e2bc63e0eac2022-01-05 10:01:37.962root 11241100x80000000000000006956427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb77094f11ef2962022-01-05 10:01:37.962root 11241100x80000000000000006956428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e2b87260979cbc2022-01-05 10:01:37.962root 11241100x80000000000000006956429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3df7049592f18b2022-01-05 10:01:37.962root 11241100x80000000000000006956430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85678fbfe12bb9c2022-01-05 10:01:37.962root 11241100x80000000000000006956431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779eca7f92460c5f2022-01-05 10:01:37.962root 11241100x80000000000000006956432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae46ff39662232d32022-01-05 10:01:37.962root 11241100x80000000000000006956433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c945b251d3c9b8892022-01-05 10:01:37.962root 11241100x80000000000000006956434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d35fd76f289d912022-01-05 10:01:37.962root 11241100x80000000000000006956435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4d2afe28a515552022-01-05 10:01:37.963root 11241100x80000000000000006956436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3a6e524021a7bf2022-01-05 10:01:37.963root 11241100x80000000000000006956437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b8b34ef23633792022-01-05 10:01:37.963root 11241100x80000000000000006956438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cffe2e21ecda59a2022-01-05 10:01:37.963root 11241100x80000000000000006956439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2eef451d220fbda2022-01-05 10:01:37.963root 11241100x80000000000000006956440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556375f7b4b062a12022-01-05 10:01:37.963root 11241100x80000000000000006956441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67032caa29a66d12022-01-05 10:01:37.963root 11241100x80000000000000006956442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bc68cb413208452022-01-05 10:01:37.963root 11241100x80000000000000006956443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c92ec74ef82a162022-01-05 10:01:37.963root 11241100x80000000000000006956444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e635f95b29185bf2022-01-05 10:01:37.963root 11241100x80000000000000006956445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378217dbdbbef4f62022-01-05 10:01:37.964root 11241100x80000000000000006956446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8c9fb69cb86e9e2022-01-05 10:01:38.460root 11241100x80000000000000006956447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2062760e3d522e922022-01-05 10:01:38.460root 11241100x80000000000000006956448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f933d9d402525b02022-01-05 10:01:38.460root 11241100x80000000000000006956449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c1cb91dbd9b8052022-01-05 10:01:38.460root 11241100x80000000000000006956450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612c2cf4d3eed3852022-01-05 10:01:38.461root 11241100x80000000000000006956451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4475dcd43548c52022-01-05 10:01:38.461root 11241100x80000000000000006956452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c859e78d0b9de1b2022-01-05 10:01:38.461root 11241100x80000000000000006956453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a12c2a053f44ea72022-01-05 10:01:38.461root 11241100x80000000000000006956454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f211a68bdf4aa6f42022-01-05 10:01:38.461root 11241100x80000000000000006956455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48bfd6cec51b1542022-01-05 10:01:38.461root 11241100x80000000000000006956456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa7f285ad685da12022-01-05 10:01:38.461root 11241100x80000000000000006956457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7d11f4fba4b9632022-01-05 10:01:38.461root 11241100x80000000000000006956458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6feb09e7afe3312022-01-05 10:01:38.462root 11241100x80000000000000006956459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e8b51c2ceead542022-01-05 10:01:38.462root 11241100x80000000000000006956460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c44c7dd6a0f2212022-01-05 10:01:38.462root 11241100x80000000000000006956461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89da251cefcb1b952022-01-05 10:01:38.462root 11241100x80000000000000006956462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5e2e4d892215c12022-01-05 10:01:38.462root 11241100x80000000000000006956463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a3e9ba5291e1b52022-01-05 10:01:38.462root 11241100x80000000000000006956464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce7dc268e55ff2e2022-01-05 10:01:38.462root 11241100x80000000000000006956465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01017fb10abced1e2022-01-05 10:01:38.462root 11241100x80000000000000006956466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227dbe4c1fc5ad4f2022-01-05 10:01:38.462root 11241100x80000000000000006956467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d50a81e6fd6f722022-01-05 10:01:38.462root 11241100x80000000000000006956468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ebbefb7a523e592022-01-05 10:01:38.462root 11241100x80000000000000006956469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60189e5311dc303a2022-01-05 10:01:38.462root 11241100x80000000000000006956470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cd3c1a921ae05a2022-01-05 10:01:38.462root 11241100x80000000000000006956471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fa99eecc030d012022-01-05 10:01:38.462root 11241100x80000000000000006956472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7604de533ae34cac2022-01-05 10:01:38.462root 11241100x80000000000000006956473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59026488d93ab642022-01-05 10:01:38.463root 11241100x80000000000000006956474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f2c87c5fa46ba72022-01-05 10:01:38.463root 11241100x80000000000000006956475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9356b46f27feff242022-01-05 10:01:38.463root 11241100x80000000000000006956476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6eda86042e666b2022-01-05 10:01:38.463root 11241100x80000000000000006956477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6798de42808d1bf72022-01-05 10:01:38.463root 11241100x80000000000000006956478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965793e84df834b72022-01-05 10:01:38.960root 11241100x80000000000000006956479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29157cc65b694b382022-01-05 10:01:38.960root 11241100x80000000000000006956480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81658cea5444b5012022-01-05 10:01:38.961root 11241100x80000000000000006956481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232725835cf77f532022-01-05 10:01:38.961root 11241100x80000000000000006956482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f64a2240359c092022-01-05 10:01:38.961root 11241100x80000000000000006956483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11006e2e6ea12c92022-01-05 10:01:38.961root 11241100x80000000000000006956484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e19a5d0ae9e37482022-01-05 10:01:38.961root 11241100x80000000000000006956485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c80a230c0a85172022-01-05 10:01:38.961root 11241100x80000000000000006956486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b369ebfa01456b032022-01-05 10:01:38.962root 11241100x80000000000000006956487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2d59919c129d712022-01-05 10:01:38.962root 11241100x80000000000000006956488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40de10a5db50180b2022-01-05 10:01:38.962root 11241100x80000000000000006956489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a3e427e7350e122022-01-05 10:01:38.962root 11241100x80000000000000006956490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8193a31560fda6a2022-01-05 10:01:38.962root 11241100x80000000000000006956491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b313c322c401b6a2022-01-05 10:01:38.962root 11241100x80000000000000006956492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f6a0b7107fa9512022-01-05 10:01:38.962root 11241100x80000000000000006956493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dece4b7776bbd06d2022-01-05 10:01:38.962root 11241100x80000000000000006956494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e9dda7c00415d82022-01-05 10:01:38.962root 11241100x80000000000000006956495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda00939bb0593812022-01-05 10:01:38.963root 11241100x80000000000000006956496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3767fda02e5699e02022-01-05 10:01:38.963root 11241100x80000000000000006956497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605f29cccfb51a262022-01-05 10:01:38.963root 11241100x80000000000000006956498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6352e7195712812022-01-05 10:01:38.963root 11241100x80000000000000006956499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4ecb71fd5013c62022-01-05 10:01:38.963root 11241100x80000000000000006956500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5eb31b5f961e932022-01-05 10:01:38.963root 11241100x80000000000000006956501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9579f932f7070b92022-01-05 10:01:38.963root 11241100x80000000000000006956502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215ccacccc8a593f2022-01-05 10:01:38.963root 11241100x80000000000000006956503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ea19afbe9870912022-01-05 10:01:38.963root 11241100x80000000000000006956504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de11bddfae9494d32022-01-05 10:01:38.964root 11241100x80000000000000006956505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0190ca0fbb79ac2022-01-05 10:01:38.964root 11241100x80000000000000006956506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e399c16993acb882022-01-05 10:01:38.965root 11241100x80000000000000006956507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7adeb1030cf9e22022-01-05 10:01:38.965root 11241100x80000000000000006956508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e086ee06b48f40d2022-01-05 10:01:38.965root 11241100x80000000000000006956509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fb087b111f67162022-01-05 10:01:38.965root 354300x80000000000000006956510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.157{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41690-false10.0.1.12-8000- 354300x80000000000000006956511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.292{ec2e79f3-af4c-61d2-e0a7-320694550000}1083/usr/sbin/sshdroottcpfalsefalse47.253.45.0-46318-false10.0.1.25-22- 11241100x80000000000000006956512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.293{ec2e79f3-6c83-61d5-0000-000000000000}23002/usr/sbin/sshd/proc/23002/oom_score_adj2022-01-05 10:01:39.293root 154100x80000000000000006956513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.293{ec2e79f3-6c83-61d5-e077-b38aaa550000}23002/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1083--- 11241100x80000000000000006956514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b1e9141fd191a42022-01-05 10:01:39.294root 11241100x80000000000000006956515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ba5a9439e8bad72022-01-05 10:01:39.294root 11241100x80000000000000006956516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4af08cc792f5df02022-01-05 10:01:39.294root 11241100x80000000000000006956517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900b15de0ca33b222022-01-05 10:01:39.294root 11241100x80000000000000006956518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391df5169c69bc382022-01-05 10:01:39.294root 11241100x80000000000000006956519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdc31e3758fe1502022-01-05 10:01:39.294root 11241100x80000000000000006956520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e731111183adc52022-01-05 10:01:39.294root 11241100x80000000000000006956521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f86cdf95867e492022-01-05 10:01:39.294root 11241100x80000000000000006956522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2fef3afa1398f72022-01-05 10:01:39.295root 11241100x80000000000000006956523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97311d8659f670af2022-01-05 10:01:39.295root 11241100x80000000000000006956524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477cb2470486b1442022-01-05 10:01:39.295root 11241100x80000000000000006956525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de1f825c1f0a19f2022-01-05 10:01:39.295root 11241100x80000000000000006956526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff87b674f84b72c2022-01-05 10:01:39.295root 11241100x80000000000000006956527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb57f3e2ac199f12022-01-05 10:01:39.295root 11241100x80000000000000006956528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091298a7659fcb5f2022-01-05 10:01:39.295root 11241100x80000000000000006956529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb3f5c1fb7bdad22022-01-05 10:01:39.295root 11241100x80000000000000006956530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb327337ab70a0a2022-01-05 10:01:39.295root 11241100x80000000000000006956531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb97229d891d875e2022-01-05 10:01:39.296root 11241100x80000000000000006956532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff0257823346d1a2022-01-05 10:01:39.296root 11241100x80000000000000006956533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00a73b25bf115112022-01-05 10:01:39.296root 11241100x80000000000000006956534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5a10e14bfcf29e2022-01-05 10:01:39.296root 11241100x80000000000000006956535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523475800f7a59852022-01-05 10:01:39.296root 11241100x80000000000000006956536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d12f58bbea292d2022-01-05 10:01:39.296root 11241100x80000000000000006956537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5845507a9763aa982022-01-05 10:01:39.296root 11241100x80000000000000006956538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67132f3506daaafe2022-01-05 10:01:39.296root 11241100x80000000000000006956539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac867d46647813082022-01-05 10:01:39.296root 11241100x80000000000000006956540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fd57324d78208a2022-01-05 10:01:39.296root 11241100x80000000000000006956541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b233eb24efbe11b42022-01-05 10:01:39.296root 11241100x80000000000000006956542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.297{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4781488fb3ed262022-01-05 10:01:39.297root 11241100x80000000000000006956543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.297{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0cc6676d7f761d2022-01-05 10:01:39.297root 11241100x80000000000000006956544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.298{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea474331c5a69152022-01-05 10:01:39.298root 11241100x80000000000000006956545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.298{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185c34c131464a552022-01-05 10:01:39.298root 11241100x80000000000000006956546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.305{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feadd9acd4da43b92022-01-05 10:01:39.305root 11241100x80000000000000006956547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.305{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1239ba12570246632022-01-05 10:01:39.305root 11241100x80000000000000006956548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.305{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c53bb904364c27e2022-01-05 10:01:39.305root 11241100x80000000000000006956549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.305{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95730e85af5711122022-01-05 10:01:39.305root 11241100x80000000000000006956550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.305{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b5436a910a3e2c2022-01-05 10:01:39.305root 11241100x80000000000000006956551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.305{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecee29b9a2c396202022-01-05 10:01:39.305root 11241100x80000000000000006956552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.305{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1fcef35c4658482022-01-05 10:01:39.305root 11241100x80000000000000006956553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d691e96890414a2022-01-05 10:01:39.306root 11241100x80000000000000006956554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bb3948eb67e6a22022-01-05 10:01:39.306root 11241100x80000000000000006956555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2afc0d865e479422022-01-05 10:01:39.306root 11241100x80000000000000006956556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be690914450af7e2022-01-05 10:01:39.306root 11241100x80000000000000006956557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c1c554048d99ec2022-01-05 10:01:39.306root 11241100x80000000000000006956558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afbc845bedf339d2022-01-05 10:01:39.306root 11241100x80000000000000006956559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d6d89041a9ec502022-01-05 10:01:39.306root 11241100x80000000000000006956560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbb2d6ffe9873112022-01-05 10:01:39.306root 11241100x80000000000000006956561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cce0f5c236beb32022-01-05 10:01:39.306root 11241100x80000000000000006956562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.307{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbee594e274cf8d2022-01-05 10:01:39.307root 11241100x80000000000000006956563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.307{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7f116e697647c12022-01-05 10:01:39.307root 11241100x80000000000000006956564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.307{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340b828caff68ea42022-01-05 10:01:39.307root 11241100x80000000000000006956565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.307{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce4a046d0565afc2022-01-05 10:01:39.307root 11241100x80000000000000006956566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.307{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b8c5767d7ce9372022-01-05 10:01:39.307root 11241100x80000000000000006956567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.307{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b88280fa8e345f2022-01-05 10:01:39.307root 11241100x80000000000000006956568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.307{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6fee3efe8c6f1d2022-01-05 10:01:39.307root 11241100x80000000000000006956569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.308{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03480c5656801f4d2022-01-05 10:01:39.308root 11241100x80000000000000006956570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.308{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637489efa16307eb2022-01-05 10:01:39.308root 11241100x80000000000000006956571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.308{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121bbf5533b98ae52022-01-05 10:01:39.308root 11241100x80000000000000006956572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.308{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0f856a3d17711b2022-01-05 10:01:39.308root 11241100x80000000000000006956573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.308{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffebdf17a48617a72022-01-05 10:01:39.308root 11241100x80000000000000006956574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.308{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb3dc2955677d362022-01-05 10:01:39.308root 11241100x80000000000000006956575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.308{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d655657ee108942022-01-05 10:01:39.308root 11241100x80000000000000006956576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.309{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0c4a46745646932022-01-05 10:01:39.309root 11241100x80000000000000006956577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dea72e82287646b2022-01-05 10:01:39.310root 11241100x80000000000000006956578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f524861ae76269f2022-01-05 10:01:39.310root 11241100x80000000000000006956579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8caf8484412b54172022-01-05 10:01:39.310root 11241100x80000000000000006956580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926d5476d1a0ee0c2022-01-05 10:01:39.310root 11241100x80000000000000006956581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e1c1527df0b0ce2022-01-05 10:01:39.310root 11241100x80000000000000006956582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91961e14d26e0b742022-01-05 10:01:39.310root 11241100x80000000000000006956583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9961cfd4325a14372022-01-05 10:01:39.310root 11241100x80000000000000006956584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4f0272598f178f2022-01-05 10:01:39.310root 11241100x80000000000000006956585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.311{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b659fb331c73c12022-01-05 10:01:39.311root 11241100x80000000000000006956586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.311{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3150f311285d6a2022-01-05 10:01:39.311root 11241100x80000000000000006956587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.311{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f450e3508ab91072022-01-05 10:01:39.311root 11241100x80000000000000006956588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.311{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfb9e23688f9e462022-01-05 10:01:39.311root 11241100x80000000000000006956589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.311{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2789e5aa07c1ce6f2022-01-05 10:01:39.311root 11241100x80000000000000006956590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.311{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947eb846770958252022-01-05 10:01:39.311root 11241100x80000000000000006956591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.311{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c68e886d09e3c822022-01-05 10:01:39.311root 11241100x80000000000000006956592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.312{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3e6fed541a4c1d2022-01-05 10:01:39.312root 11241100x80000000000000006956593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.312{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eebf85c2892ed622022-01-05 10:01:39.312root 11241100x80000000000000006956594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.312{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f29ee1a24f62782022-01-05 10:01:39.312root 11241100x80000000000000006956595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.312{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c9ce81147e44812022-01-05 10:01:39.312root 534500x80000000000000006956596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.405{ec2e79f3-6c83-61d5-e077-b38aaa550000}23002/usr/sbin/sshdroot 11241100x80000000000000006956597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab19e1cd61f08652022-01-05 10:01:39.710root 11241100x80000000000000006956598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985fd2c1be41f3e82022-01-05 10:01:39.710root 11241100x80000000000000006956599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057b9a7287dff25c2022-01-05 10:01:39.710root 11241100x80000000000000006956600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76b776237de62222022-01-05 10:01:39.710root 11241100x80000000000000006956601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7756a1635c0f3fb2022-01-05 10:01:39.710root 11241100x80000000000000006956602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8691c07cd573a64e2022-01-05 10:01:39.710root 11241100x80000000000000006956603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b751bba50e8f5d72022-01-05 10:01:39.712root 11241100x80000000000000006956604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15d79cd22f4dbc32022-01-05 10:01:39.712root 11241100x80000000000000006956605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95f7f75567d7c0c2022-01-05 10:01:39.712root 11241100x80000000000000006956606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0668435adf196e3c2022-01-05 10:01:39.712root 11241100x80000000000000006956607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7518bd5b02e8ec2022-01-05 10:01:39.712root 11241100x80000000000000006956608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e9d05b8e1e8f022022-01-05 10:01:39.712root 11241100x80000000000000006956609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad47d9f4ae8e8c32022-01-05 10:01:39.713root 11241100x80000000000000006956610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf87ccf72e8c15cc2022-01-05 10:01:39.713root 11241100x80000000000000006956611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaba5b7493f3e6b2022-01-05 10:01:39.713root 11241100x80000000000000006956612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7dd3a2e89a83a82022-01-05 10:01:39.713root 11241100x80000000000000006956613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166ed55abc7ae4d82022-01-05 10:01:39.713root 11241100x80000000000000006956614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07456b625c19f8df2022-01-05 10:01:39.713root 11241100x80000000000000006956615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d118755091062d0e2022-01-05 10:01:39.713root 11241100x80000000000000006956616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbb177ec8dea1a52022-01-05 10:01:39.713root 11241100x80000000000000006956617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62700929ef2a13372022-01-05 10:01:39.714root 11241100x80000000000000006956618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7306d71983b771a32022-01-05 10:01:39.714root 11241100x80000000000000006956619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7389fcf9d597cac92022-01-05 10:01:39.714root 11241100x80000000000000006956620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268431160c6b1f522022-01-05 10:01:39.714root 11241100x80000000000000006956621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe33fc49a7fb3082022-01-05 10:01:39.714root 11241100x80000000000000006956622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7314503f84ac2d622022-01-05 10:01:39.714root 11241100x80000000000000006956623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3636fade79a76aec2022-01-05 10:01:39.714root 11241100x80000000000000006956624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff89e3d766edbf12022-01-05 10:01:39.715root 11241100x80000000000000006956625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a1bb80db5d50d62022-01-05 10:01:39.715root 11241100x80000000000000006956626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b85cdc7813e98672022-01-05 10:01:39.715root 11241100x80000000000000006956627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40972bb15786a0122022-01-05 10:01:39.715root 11241100x80000000000000006956628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc47c69716f5853b2022-01-05 10:01:39.715root 11241100x80000000000000006956629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61354ab6c2f1b7f02022-01-05 10:01:39.715root 11241100x80000000000000006956630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4a11b27dc5f99a2022-01-05 10:01:39.715root 11241100x80000000000000006956631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acf2af4c692c5092022-01-05 10:01:39.715root 11241100x80000000000000006956632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7660d56fe8557c412022-01-05 10:01:39.715root 11241100x80000000000000006956633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db58bf4628257092022-01-05 10:01:39.715root 11241100x80000000000000006956634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbd5ddb6b58d12c2022-01-05 10:01:39.715root 11241100x80000000000000006956635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7608b9984799717c2022-01-05 10:01:39.715root 11241100x80000000000000006956636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a84f320eb3193b2022-01-05 10:01:39.716root 11241100x80000000000000006956637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ccfbe9cb25983c2022-01-05 10:01:39.716root 11241100x80000000000000006956638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fad056a692405b2022-01-05 10:01:39.716root 11241100x80000000000000006956639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66aa39f6428b32dc2022-01-05 10:01:39.716root 11241100x80000000000000006956640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715ba31f6f8cb7bb2022-01-05 10:01:39.716root 11241100x80000000000000006956641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbcdb5998bb5fe32022-01-05 10:01:39.717root 11241100x80000000000000006956642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de075351a79ca2342022-01-05 10:01:39.717root 11241100x80000000000000006956643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c5ec87d6e9d3712022-01-05 10:01:39.717root 11241100x80000000000000006956644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921510e4b1e4b60a2022-01-05 10:01:39.717root 11241100x80000000000000006956645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336ec5dedb67e1442022-01-05 10:01:39.717root 11241100x80000000000000006956646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c17d0604764fcd62022-01-05 10:01:39.717root 11241100x80000000000000006956647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7906fa4e09eaa4c62022-01-05 10:01:39.717root 11241100x80000000000000006956648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3fff37ba5bbdaf2022-01-05 10:01:39.717root 11241100x80000000000000006956649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac9f17945a148482022-01-05 10:01:39.717root 11241100x80000000000000006956650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f237e371d8485172022-01-05 10:01:39.717root 11241100x80000000000000006956651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4323b4c8535ed102022-01-05 10:01:39.717root 11241100x80000000000000006956652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4906e7db72eb83fb2022-01-05 10:01:39.717root 11241100x80000000000000006956653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25c4b08728e3d842022-01-05 10:01:39.718root 11241100x80000000000000006956654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839dafee496da50e2022-01-05 10:01:39.718root 11241100x80000000000000006956655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f36d3cf1c02b492022-01-05 10:01:39.718root 11241100x80000000000000006956656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fced51d7a80e48642022-01-05 10:01:39.718root 11241100x80000000000000006956657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f51babfbec7b8d2022-01-05 10:01:39.718root 11241100x80000000000000006956658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c524f67e2341fa2022-01-05 10:01:40.209root 11241100x80000000000000006956659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede2d0e19bd166e32022-01-05 10:01:40.209root 11241100x80000000000000006956660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3126622348c789912022-01-05 10:01:40.209root 11241100x80000000000000006956661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a790d9047b2b93042022-01-05 10:01:40.209root 11241100x80000000000000006956662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4018b335e0ec3632022-01-05 10:01:40.209root 11241100x80000000000000006956663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfbbbfef44183a52022-01-05 10:01:40.210root 11241100x80000000000000006956664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c785aa7bb0ff7b2022-01-05 10:01:40.210root 11241100x80000000000000006956665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a892942fdd168bb2022-01-05 10:01:40.210root 11241100x80000000000000006956666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0554e12784904a002022-01-05 10:01:40.210root 11241100x80000000000000006956667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afcd6203ff145632022-01-05 10:01:40.210root 11241100x80000000000000006956668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58da1911fdde40c82022-01-05 10:01:40.211root 11241100x80000000000000006956669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49f764b6bca18ee2022-01-05 10:01:40.211root 11241100x80000000000000006956670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7e02cc6bdbb6742022-01-05 10:01:40.211root 11241100x80000000000000006956671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a72c7099d0566b22022-01-05 10:01:40.211root 11241100x80000000000000006956672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93971f905cee49ab2022-01-05 10:01:40.212root 11241100x80000000000000006956673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212d03b39bac2e6f2022-01-05 10:01:40.218root 11241100x80000000000000006956674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6878231f155203212022-01-05 10:01:40.218root 11241100x80000000000000006956675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8722248579b811832022-01-05 10:01:40.219root 11241100x80000000000000006956676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed996d7ecbd0f062022-01-05 10:01:40.219root 11241100x80000000000000006956677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec83123dbbe0ebd62022-01-05 10:01:40.219root 11241100x80000000000000006956678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214df73dfc3dd2412022-01-05 10:01:40.219root 11241100x80000000000000006956679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3788982871b3c3282022-01-05 10:01:40.219root 11241100x80000000000000006956680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee0fa8f7f51e6862022-01-05 10:01:40.219root 11241100x80000000000000006956681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e556b96a1e9bfac2022-01-05 10:01:40.219root 11241100x80000000000000006956682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762d737e41b870e42022-01-05 10:01:40.219root 11241100x80000000000000006956683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84039207cfc191702022-01-05 10:01:40.219root 11241100x80000000000000006956684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25957b44236b6c282022-01-05 10:01:40.219root 11241100x80000000000000006956685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4d6132c09c3c992022-01-05 10:01:40.220root 11241100x80000000000000006956686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d90ed801b2f21ad2022-01-05 10:01:40.220root 11241100x80000000000000006956687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01aebdd9497ce132022-01-05 10:01:40.220root 11241100x80000000000000006956688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebe6ac96532ef0c2022-01-05 10:01:40.220root 11241100x80000000000000006956689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ede4751679b5c52022-01-05 10:01:40.220root 11241100x80000000000000006956690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2914f2660ec8b72022-01-05 10:01:40.220root 11241100x80000000000000006956691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465d79606eccc7b72022-01-05 10:01:40.220root 11241100x80000000000000006956692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8309b275fc04b802022-01-05 10:01:40.220root 11241100x80000000000000006956693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390aad93f7f145d02022-01-05 10:01:40.220root 11241100x80000000000000006956694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45aaa63b0785ad82022-01-05 10:01:40.220root 11241100x80000000000000006956695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2170b6f5769a4c802022-01-05 10:01:40.220root 11241100x80000000000000006956696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc257c05bcc2f2c82022-01-05 10:01:40.220root 11241100x80000000000000006956697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e837aefeb94fe312022-01-05 10:01:40.220root 11241100x80000000000000006956698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc0e5664d03596b2022-01-05 10:01:40.220root 11241100x80000000000000006956699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5644663e2261055b2022-01-05 10:01:40.220root 11241100x80000000000000006956700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21f6fd9140cbc432022-01-05 10:01:40.220root 11241100x80000000000000006956701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7773347fa899b1952022-01-05 10:01:40.221root 11241100x80000000000000006956702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a614629dca8552cb2022-01-05 10:01:40.221root 11241100x80000000000000006956703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ac7af36fc66bb42022-01-05 10:01:40.221root 11241100x80000000000000006956704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d534b59cc207442022-01-05 10:01:40.221root 11241100x80000000000000006956705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96fa3d94453a7c42022-01-05 10:01:40.221root 11241100x80000000000000006956706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bc0f8c8f1f69d52022-01-05 10:01:40.221root 11241100x80000000000000006956707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421aedf1789260582022-01-05 10:01:40.221root 11241100x80000000000000006956708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd50079f6c5bcb8a2022-01-05 10:01:40.221root 11241100x80000000000000006956709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3eb6d4824eac3eb2022-01-05 10:01:40.221root 11241100x80000000000000006956710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3731f9e25723e12022-01-05 10:01:40.710root 11241100x80000000000000006956711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb81ffd7d5dfbfd92022-01-05 10:01:40.710root 11241100x80000000000000006956712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480a519185732b0b2022-01-05 10:01:40.710root 11241100x80000000000000006956713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1169d17c57f6642022-01-05 10:01:40.710root 11241100x80000000000000006956714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf980471e8ab66a2022-01-05 10:01:40.710root 11241100x80000000000000006956715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bcb6d34a28502e2022-01-05 10:01:40.710root 11241100x80000000000000006956716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff0fcb75709780e2022-01-05 10:01:40.710root 11241100x80000000000000006956717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee118b16ee44a952022-01-05 10:01:40.710root 11241100x80000000000000006956718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0a42cbc6c47fd92022-01-05 10:01:40.711root 11241100x80000000000000006956719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c7e8202f6e30c72022-01-05 10:01:40.711root 11241100x80000000000000006956720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20eef810cd804b0e2022-01-05 10:01:40.711root 11241100x80000000000000006956721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1cfe59ece9ca2c2022-01-05 10:01:40.711root 11241100x80000000000000006956722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8a3fea20ff94a32022-01-05 10:01:40.711root 11241100x80000000000000006956723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5fa10136f3706c2022-01-05 10:01:40.711root 11241100x80000000000000006956724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2118acdece48a82022-01-05 10:01:40.711root 11241100x80000000000000006956725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a2b905e41ab24a2022-01-05 10:01:40.711root 11241100x80000000000000006956726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ec58bf20a7f94d2022-01-05 10:01:40.711root 11241100x80000000000000006956727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef1678f1887a1142022-01-05 10:01:40.712root 11241100x80000000000000006956728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168d9483e45241522022-01-05 10:01:40.712root 11241100x80000000000000006956729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96f8f13c0e053e92022-01-05 10:01:40.712root 11241100x80000000000000006956730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3036794ff499c82022-01-05 10:01:40.712root 11241100x80000000000000006956731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1458ea3ab8a62592022-01-05 10:01:40.712root 11241100x80000000000000006956732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bd66f1e3cb7afe2022-01-05 10:01:40.712root 11241100x80000000000000006956733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c2e36e720fefa42022-01-05 10:01:40.712root 11241100x80000000000000006956734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c3b615df25b0692022-01-05 10:01:40.712root 11241100x80000000000000006956735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec63be9d4cf87a32022-01-05 10:01:40.712root 11241100x80000000000000006956736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b926439217e71f432022-01-05 10:01:40.713root 11241100x80000000000000006956737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bfddb8013d01f72022-01-05 10:01:40.713root 11241100x80000000000000006956738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce56c41b884a643c2022-01-05 10:01:40.713root 11241100x80000000000000006956739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbec5829afffd1c72022-01-05 10:01:40.713root 11241100x80000000000000006956740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f069b6a694116e9d2022-01-05 10:01:40.713root 11241100x80000000000000006956741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa46af0d8934db42022-01-05 10:01:40.713root 11241100x80000000000000006956742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e89cee142b6f9e42022-01-05 10:01:40.713root 11241100x80000000000000006956743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1327ea66363f99d2022-01-05 10:01:40.713root 11241100x80000000000000006956744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35194401259a6422022-01-05 10:01:40.713root 11241100x80000000000000006956745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74431584fbc68cd12022-01-05 10:01:40.713root 11241100x80000000000000006956746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cbedffe11aaf3d2022-01-05 10:01:40.713root 11241100x80000000000000006956747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8300fdda2d8a652022-01-05 10:01:40.713root 11241100x80000000000000006956748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1404b95d8d90ef12022-01-05 10:01:40.714root 11241100x80000000000000006956749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd6994a779bc6452022-01-05 10:01:40.714root 11241100x80000000000000006956750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c432741b4d2542052022-01-05 10:01:40.714root 11241100x80000000000000006956751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9793d1bac4ce042022-01-05 10:01:40.714root 11241100x80000000000000006956752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518e7a7265bc5b062022-01-05 10:01:40.714root 11241100x80000000000000006956753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e06992405af7ce2022-01-05 10:01:40.714root 11241100x80000000000000006956754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861f4df592fe0ba32022-01-05 10:01:40.714root 11241100x80000000000000006956755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f31c58d05c148b52022-01-05 10:01:40.714root 11241100x80000000000000006956756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c8a2dd45d31aa52022-01-05 10:01:40.714root 11241100x80000000000000006956757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb482342612992e2022-01-05 10:01:40.714root 11241100x80000000000000006956758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd80b887beefb88e2022-01-05 10:01:40.714root 11241100x80000000000000006956759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3350ce09162ef12022-01-05 10:01:40.714root 11241100x80000000000000006956760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153c3dbab8d177c72022-01-05 10:01:40.714root 11241100x80000000000000006956761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94817f597938219e2022-01-05 10:01:40.714root 11241100x80000000000000006956762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e232890f2d476e2022-01-05 10:01:40.714root 11241100x80000000000000006956763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7005d90682a5fa72022-01-05 10:01:40.715root 11241100x80000000000000006956764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb129e1db7a37ab2022-01-05 10:01:40.715root 11241100x80000000000000006956765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74ab9b7eac082c72022-01-05 10:01:40.715root 11241100x80000000000000006956766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f993fb6fd7cf10ab2022-01-05 10:01:40.715root 11241100x80000000000000006956767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4778fd52022734902022-01-05 10:01:40.715root 11241100x80000000000000006956768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e7abb2f7123e702022-01-05 10:01:40.715root 11241100x80000000000000006956769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656746509473e7552022-01-05 10:01:41.209root 11241100x80000000000000006956770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4a67265721ab6f2022-01-05 10:01:41.209root 11241100x80000000000000006956771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1b8c27de40e5222022-01-05 10:01:41.210root 11241100x80000000000000006956772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d305a87e3196e9252022-01-05 10:01:41.210root 11241100x80000000000000006956773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d02a71f9d93d402022-01-05 10:01:41.210root 11241100x80000000000000006956774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e910f5f08519aaf2022-01-05 10:01:41.210root 11241100x80000000000000006956775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4cdd658cc8ce8b2022-01-05 10:01:41.210root 11241100x80000000000000006956776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddee6b2d3eda9d22022-01-05 10:01:41.210root 11241100x80000000000000006956777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8dfd15d5689c2f2022-01-05 10:01:41.211root 11241100x80000000000000006956778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df68fcfb38e41abe2022-01-05 10:01:41.211root 11241100x80000000000000006956779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a83a19cb16dd702022-01-05 10:01:41.211root 11241100x80000000000000006956780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf33ed689a703fbd2022-01-05 10:01:41.211root 11241100x80000000000000006956781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8483553db000ef032022-01-05 10:01:41.211root 11241100x80000000000000006956782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bbc598e8b816012022-01-05 10:01:41.211root 11241100x80000000000000006956783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad4eaacc8712fb12022-01-05 10:01:41.211root 11241100x80000000000000006956784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee95e90a6c0b33c2022-01-05 10:01:41.212root 11241100x80000000000000006956785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759ce117e137bea32022-01-05 10:01:41.212root 11241100x80000000000000006956786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7813d74c54aad7302022-01-05 10:01:41.213root 11241100x80000000000000006956787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5baee3d96aa14f832022-01-05 10:01:41.213root 11241100x80000000000000006956788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b874359ec5a251392022-01-05 10:01:41.213root 11241100x80000000000000006956789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6621206cc370292022-01-05 10:01:41.214root 11241100x80000000000000006956790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01b07fd836879802022-01-05 10:01:41.214root 11241100x80000000000000006956791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726ecb570c9d7e0b2022-01-05 10:01:41.214root 11241100x80000000000000006956792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e533f41f1680cb2022-01-05 10:01:41.214root 11241100x80000000000000006956793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d6ad6e16b701a92022-01-05 10:01:41.215root 11241100x80000000000000006956794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57245d8262bfdd0d2022-01-05 10:01:41.215root 11241100x80000000000000006956795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ceddca7d1b51962022-01-05 10:01:41.215root 11241100x80000000000000006956796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c9f1951f911e2d2022-01-05 10:01:41.215root 11241100x80000000000000006956797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219c28b081c7e9212022-01-05 10:01:41.215root 11241100x80000000000000006956798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d87afe5e00aa0b2022-01-05 10:01:41.215root 11241100x80000000000000006956799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1a28dce289e4152022-01-05 10:01:41.215root 11241100x80000000000000006956800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852ac4c6d9093f402022-01-05 10:01:41.215root 11241100x80000000000000006956801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447ca87a0c2648e52022-01-05 10:01:41.215root 11241100x80000000000000006956802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc06b55dc0467c32022-01-05 10:01:41.216root 11241100x80000000000000006956803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf49124826e24d932022-01-05 10:01:41.216root 11241100x80000000000000006956804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4361dcdbfacc4a4d2022-01-05 10:01:41.216root 11241100x80000000000000006956805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1357fe0ea7fd09672022-01-05 10:01:41.216root 11241100x80000000000000006956806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236386aac6d98ae52022-01-05 10:01:41.216root 11241100x80000000000000006956807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec54a93c2badf792022-01-05 10:01:41.216root 11241100x80000000000000006956808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d2175b1b09184f2022-01-05 10:01:41.216root 11241100x80000000000000006956809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d014ad0c6c4fab2022-01-05 10:01:41.217root 11241100x80000000000000006956810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197015a5f4f722d82022-01-05 10:01:41.217root 11241100x80000000000000006956811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c784f69a488f36f2022-01-05 10:01:41.217root 11241100x80000000000000006956812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7290b44f24230e62022-01-05 10:01:41.217root 11241100x80000000000000006956813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e22b78720e6ec82022-01-05 10:01:41.217root 11241100x80000000000000006956814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e26fc1a0ef163232022-01-05 10:01:41.217root 11241100x80000000000000006956815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19404cc988a12ab12022-01-05 10:01:41.217root 11241100x80000000000000006956816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a91bde1c47246232022-01-05 10:01:41.218root 11241100x80000000000000006956817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6145ae6ddf0f4cac2022-01-05 10:01:41.218root 11241100x80000000000000006956818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ca55d39ad5d95b2022-01-05 10:01:41.218root 11241100x80000000000000006956819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e5490252733a252022-01-05 10:01:41.218root 11241100x80000000000000006956820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad1d293756d0bea2022-01-05 10:01:41.218root 11241100x80000000000000006956821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6693722dc414e252022-01-05 10:01:41.218root 11241100x80000000000000006956822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c3f9d1b7c04c5b2022-01-05 10:01:41.218root 11241100x80000000000000006956823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b6c0a368e6dfef2022-01-05 10:01:41.709root 11241100x80000000000000006956824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52101f710ddaaf532022-01-05 10:01:41.709root 11241100x80000000000000006956825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa712cd5c7812b0d2022-01-05 10:01:41.710root 11241100x80000000000000006956826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95317f3349f420c32022-01-05 10:01:41.710root 11241100x80000000000000006956827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28735ca0f312d9f2022-01-05 10:01:41.710root 11241100x80000000000000006956828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5515a2a8a884642022-01-05 10:01:41.710root 11241100x80000000000000006956829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866564839df9e8fe2022-01-05 10:01:41.710root 11241100x80000000000000006956830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7370040726cdb22022-01-05 10:01:41.710root 11241100x80000000000000006956831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56aeb2c171c1eb582022-01-05 10:01:41.710root 11241100x80000000000000006956832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7929afd074e82022022-01-05 10:01:41.710root 11241100x80000000000000006956833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa1f5b0a415d79e2022-01-05 10:01:41.710root 11241100x80000000000000006956834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cb572fad70591f2022-01-05 10:01:41.711root 11241100x80000000000000006956835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98eb117e141ffb72022-01-05 10:01:41.711root 11241100x80000000000000006956836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee33f1ba79a87a082022-01-05 10:01:41.711root 11241100x80000000000000006956837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8276a9c63541b352022-01-05 10:01:41.711root 11241100x80000000000000006956838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984953fb765ae22f2022-01-05 10:01:41.711root 11241100x80000000000000006956839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559cef1cac062d6f2022-01-05 10:01:41.711root 11241100x80000000000000006956840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a31eac42a17ea22022-01-05 10:01:41.711root 11241100x80000000000000006956841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c984994bdc950e2022-01-05 10:01:41.711root 11241100x80000000000000006956842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b222828910ae28e62022-01-05 10:01:41.711root 11241100x80000000000000006956843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a29757a42b82772022-01-05 10:01:41.711root 11241100x80000000000000006956844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da2a4333c75e59b2022-01-05 10:01:41.712root 11241100x80000000000000006956845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589710bcc8f44e522022-01-05 10:01:41.712root 11241100x80000000000000006956846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd3e22c23f42dba2022-01-05 10:01:41.712root 11241100x80000000000000006956847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a865465bf43f573c2022-01-05 10:01:41.712root 11241100x80000000000000006956848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f003a7a6bee0072022-01-05 10:01:41.712root 11241100x80000000000000006956849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0ac0bb2ff45dc72022-01-05 10:01:41.712root 11241100x80000000000000006956850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eb36300ca0bf4c2022-01-05 10:01:41.712root 11241100x80000000000000006956851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec13569e9a37a1cf2022-01-05 10:01:41.712root 11241100x80000000000000006956852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be452e13b4f9271f2022-01-05 10:01:41.712root 11241100x80000000000000006956853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca4892e33f331da2022-01-05 10:01:41.713root 11241100x80000000000000006956854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fba963ac681d4b02022-01-05 10:01:41.713root 11241100x80000000000000006956855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caf1b2790e547dd2022-01-05 10:01:41.713root 11241100x80000000000000006956856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b3179f53e092a22022-01-05 10:01:41.713root 11241100x80000000000000006956857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69ceffe8a13f0932022-01-05 10:01:41.713root 11241100x80000000000000006956858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b42bb318fd65fe32022-01-05 10:01:41.713root 11241100x80000000000000006956859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8122a63ff769a32022-01-05 10:01:41.713root 11241100x80000000000000006956860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dd56e36d46d8932022-01-05 10:01:41.713root 11241100x80000000000000006956861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430dbf957d8d83ed2022-01-05 10:01:41.713root 11241100x80000000000000006956862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984ae70db20938ac2022-01-05 10:01:41.713root 11241100x80000000000000006956863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb50551139bb5d22022-01-05 10:01:41.713root 11241100x80000000000000006956864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91369cae28b6be262022-01-05 10:01:41.713root 11241100x80000000000000006956865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87b9bfbdb568f622022-01-05 10:01:41.714root 11241100x80000000000000006956866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f5b778ba529c672022-01-05 10:01:41.714root 11241100x80000000000000006956867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f5ce1c3ff323442022-01-05 10:01:41.714root 11241100x80000000000000006956868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428e17f7b85c3c042022-01-05 10:01:41.714root 11241100x80000000000000006956869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581d06ce2103bc632022-01-05 10:01:41.714root 11241100x80000000000000006956870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b0cdfead42ccb22022-01-05 10:01:41.714root 11241100x80000000000000006956871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09eae61794048e22022-01-05 10:01:41.714root 11241100x80000000000000006956872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac62c4ecc9f05ba62022-01-05 10:01:41.714root 11241100x80000000000000006956873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e17dbf67cfd6e92022-01-05 10:01:41.714root 11241100x80000000000000006956874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1580041fce93cf972022-01-05 10:01:41.714root 11241100x80000000000000006956875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1691ea1da4b5cf2022-01-05 10:01:41.714root 11241100x80000000000000006956876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3592cbdc2bb520492022-01-05 10:01:41.714root 11241100x80000000000000006956877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de20bd39f4a7d2b22022-01-05 10:01:41.714root 11241100x80000000000000006956878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad71a2903e7c13372022-01-05 10:01:41.714root 11241100x80000000000000006956879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74d8a06cae73fbd2022-01-05 10:01:41.715root 11241100x80000000000000006956880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7533e6be68427d42022-01-05 10:01:41.715root 11241100x80000000000000006956881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4633925a54b2682022-01-05 10:01:41.715root 11241100x80000000000000006956882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27972ad67b9ae4c92022-01-05 10:01:41.715root 11241100x80000000000000006956883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5c05e8af46410a2022-01-05 10:01:41.715root 11241100x80000000000000006956884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e57c5b00c4cf5db2022-01-05 10:01:41.715root 11241100x80000000000000006956885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab95f087b3940a82022-01-05 10:01:41.715root 11241100x80000000000000006956886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266badf25726757e2022-01-05 10:01:41.715root 11241100x80000000000000006956887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e6d93df13a959d2022-01-05 10:01:42.209root 11241100x80000000000000006956888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a8790c12256bd82022-01-05 10:01:42.209root 11241100x80000000000000006956889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11516c3f06fc11dc2022-01-05 10:01:42.210root 11241100x80000000000000006956890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6abfdd0e071f83b2022-01-05 10:01:42.210root 11241100x80000000000000006956891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb258ec620b29162022-01-05 10:01:42.210root 11241100x80000000000000006956892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46db30f9cb5312582022-01-05 10:01:42.210root 11241100x80000000000000006956893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51314136decc51f2022-01-05 10:01:42.210root 11241100x80000000000000006956894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1f1230b5d8f7042022-01-05 10:01:42.210root 11241100x80000000000000006956895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98ac97cf3513f142022-01-05 10:01:42.210root 11241100x80000000000000006956896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6169f64aa7512a2022-01-05 10:01:42.210root 11241100x80000000000000006956897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0ad96c316ebaab2022-01-05 10:01:42.210root 11241100x80000000000000006956898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de00273dd93b8852022-01-05 10:01:42.210root 11241100x80000000000000006956899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e138858a9ca4cc2022-01-05 10:01:42.211root 11241100x80000000000000006956900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb29c25c95c206d2022-01-05 10:01:42.211root 11241100x80000000000000006956901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3bfe271b02d9e92022-01-05 10:01:42.211root 11241100x80000000000000006956902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2985e386150c5d42022-01-05 10:01:42.211root 11241100x80000000000000006956903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d340a5c57a8f9d72022-01-05 10:01:42.211root 11241100x80000000000000006956904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03a7ece352a0de52022-01-05 10:01:42.211root 11241100x80000000000000006956905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45da0f6d1b526dc2022-01-05 10:01:42.211root 11241100x80000000000000006956906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65acfcecac836cf22022-01-05 10:01:42.211root 11241100x80000000000000006956907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff818e08281a2d122022-01-05 10:01:42.211root 11241100x80000000000000006956908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064a6d5b3b62a8932022-01-05 10:01:42.211root 11241100x80000000000000006956909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32964163b22b56e2022-01-05 10:01:42.212root 11241100x80000000000000006956910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121118f11fc2b8e62022-01-05 10:01:42.212root 11241100x80000000000000006956911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aa203faba912a52022-01-05 10:01:42.212root 11241100x80000000000000006956912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c89bf6336cbbf12022-01-05 10:01:42.212root 11241100x80000000000000006956913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e6bdfd1c29b9052022-01-05 10:01:42.212root 11241100x80000000000000006956914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f988be0ae680c2022022-01-05 10:01:42.212root 11241100x80000000000000006956915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9c132ee22e51f52022-01-05 10:01:42.212root 11241100x80000000000000006956916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c48aeece128a572022-01-05 10:01:42.212root 11241100x80000000000000006956917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830cf43cd43d70eb2022-01-05 10:01:42.212root 11241100x80000000000000006956918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9efd4b6aeaf23de2022-01-05 10:01:42.212root 11241100x80000000000000006956919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd9c98ea498701d2022-01-05 10:01:42.212root 11241100x80000000000000006956920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3db8e32791b7c282022-01-05 10:01:42.213root 11241100x80000000000000006956921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95d618ef4cc763d2022-01-05 10:01:42.213root 11241100x80000000000000006956922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1665de707bd27092022-01-05 10:01:42.213root 11241100x80000000000000006956923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb19831cf4e77cc32022-01-05 10:01:42.213root 11241100x80000000000000006956924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eba4300bbdbf19e2022-01-05 10:01:42.213root 11241100x80000000000000006956925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e8caf553eae8a52022-01-05 10:01:42.213root 11241100x80000000000000006956926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79481495e8f11af2022-01-05 10:01:42.213root 11241100x80000000000000006956927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8563123443d942c2022-01-05 10:01:42.213root 11241100x80000000000000006956928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eebf2f4cb4ac0b2022-01-05 10:01:42.213root 11241100x80000000000000006956929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91585caf5cde70e72022-01-05 10:01:42.213root 11241100x80000000000000006956930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f907ce7ab91db41d2022-01-05 10:01:42.213root 11241100x80000000000000006956931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8597ca9f1599d032022-01-05 10:01:42.213root 11241100x80000000000000006956932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523f1e7e76e9835a2022-01-05 10:01:42.214root 11241100x80000000000000006956933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecf975ccd0bc3452022-01-05 10:01:42.214root 11241100x80000000000000006956934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64e796077f2ecd22022-01-05 10:01:42.214root 11241100x80000000000000006956935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e882cc7982fc5452022-01-05 10:01:42.214root 11241100x80000000000000006956936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fa056eb5a373fc2022-01-05 10:01:42.214root 11241100x80000000000000006956937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0ad0351c9123d02022-01-05 10:01:42.214root 11241100x80000000000000006956938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4789e9dba8765da12022-01-05 10:01:42.214root 11241100x80000000000000006956939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9471901c967137862022-01-05 10:01:42.214root 11241100x80000000000000006956940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782614be58b16e232022-01-05 10:01:42.214root 11241100x80000000000000006956941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257a317d619bddfd2022-01-05 10:01:42.214root 11241100x80000000000000006956942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f70e5bc7c9b9612022-01-05 10:01:42.215root 11241100x80000000000000006956943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c0cf50a9b3f9102022-01-05 10:01:42.215root 11241100x80000000000000006956944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192159bb5c19cf712022-01-05 10:01:42.215root 11241100x80000000000000006956945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802a069fa623b8bf2022-01-05 10:01:42.215root 11241100x80000000000000006956946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70db78febcbc61e72022-01-05 10:01:42.215root 11241100x80000000000000006956947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d311dbe690480e12022-01-05 10:01:42.215root 11241100x80000000000000006956948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cef9ee60057d9062022-01-05 10:01:42.215root 11241100x80000000000000006956949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c860e6694d076c2022-01-05 10:01:42.215root 11241100x80000000000000006956950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4e03ce8c8beaea2022-01-05 10:01:42.215root 11241100x80000000000000006956951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f232303f0581a1b12022-01-05 10:01:42.215root 11241100x80000000000000006956952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e3e761091096812022-01-05 10:01:42.215root 11241100x80000000000000006956953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148a99a88bb5ffbe2022-01-05 10:01:42.710root 11241100x80000000000000006956954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0164204ff9c746072022-01-05 10:01:42.710root 11241100x80000000000000006956955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf837bd19a389e6f2022-01-05 10:01:42.710root 11241100x80000000000000006956956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69b34a878e5c3442022-01-05 10:01:42.710root 11241100x80000000000000006956957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a9e9fa6aa928572022-01-05 10:01:42.710root 11241100x80000000000000006956958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e154bb741853e072022-01-05 10:01:42.710root 11241100x80000000000000006956959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6513b4ca968dc1e2022-01-05 10:01:42.710root 11241100x80000000000000006956960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c102ac15a8cb39d42022-01-05 10:01:42.710root 11241100x80000000000000006956961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a17d8daf59c2c72022-01-05 10:01:42.711root 11241100x80000000000000006956962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd3403ecc86831e2022-01-05 10:01:42.711root 11241100x80000000000000006956963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb967ff8c5ff27f42022-01-05 10:01:42.711root 11241100x80000000000000006956964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518a4f7ffa10663e2022-01-05 10:01:42.711root 11241100x80000000000000006956965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f24ec96fb608bc42022-01-05 10:01:42.711root 11241100x80000000000000006956966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45517c08821832532022-01-05 10:01:42.711root 11241100x80000000000000006956967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3c94078841c93f2022-01-05 10:01:42.711root 11241100x80000000000000006956968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8f9b39c02c57a22022-01-05 10:01:42.711root 11241100x80000000000000006956969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437c4be9ee11cad52022-01-05 10:01:42.711root 11241100x80000000000000006956970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16b978de8340e9a2022-01-05 10:01:42.711root 11241100x80000000000000006956971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcd903a7ce3299b2022-01-05 10:01:42.712root 11241100x80000000000000006956972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbe8111b8bea00d2022-01-05 10:01:42.712root 11241100x80000000000000006956973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b97bb52a5dbf6b2022-01-05 10:01:42.712root 11241100x80000000000000006956974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61c6e8f86ed581c2022-01-05 10:01:42.712root 11241100x80000000000000006956975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8928d367e3cdf6712022-01-05 10:01:42.712root 11241100x80000000000000006956976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a497227cee48f36f2022-01-05 10:01:42.712root 11241100x80000000000000006956977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508a523f70cb3a5f2022-01-05 10:01:42.712root 11241100x80000000000000006956978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc17e3eabd3dd352022-01-05 10:01:42.713root 11241100x80000000000000006956979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9208ca14e18237b2022-01-05 10:01:42.713root 11241100x80000000000000006956980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dcdda28b5fcd502022-01-05 10:01:42.714root 11241100x80000000000000006956981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48743347d6b3a5c2022-01-05 10:01:42.714root 11241100x80000000000000006956982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4079b956e83777742022-01-05 10:01:42.714root 11241100x80000000000000006956983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3359ef7ea57675d2022-01-05 10:01:42.714root 11241100x80000000000000006956984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b203eff142daeb1f2022-01-05 10:01:42.714root 11241100x80000000000000006956985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10a358c1c599b302022-01-05 10:01:42.714root 11241100x80000000000000006956986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f268a44a2ee5282022-01-05 10:01:42.714root 11241100x80000000000000006956987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c3fc16daabbd542022-01-05 10:01:42.715root 11241100x80000000000000006956988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6283c4239c91802022-01-05 10:01:42.715root 11241100x80000000000000006956989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151ea01a5f374f152022-01-05 10:01:42.715root 11241100x80000000000000006956990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adc27bce24106082022-01-05 10:01:42.715root 11241100x80000000000000006956991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ab559e95b73f492022-01-05 10:01:42.715root 11241100x80000000000000006956992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddeec6127e23a94b2022-01-05 10:01:42.715root 11241100x80000000000000006956993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb91530a07544c12022-01-05 10:01:42.715root 11241100x80000000000000006956994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77a6a915f4337562022-01-05 10:01:42.715root 11241100x80000000000000006956995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de72951dfd5457492022-01-05 10:01:42.715root 11241100x80000000000000006956996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e642d90e68a3cc62022-01-05 10:01:42.716root 11241100x80000000000000006956997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d41317e924bdd42022-01-05 10:01:42.716root 11241100x80000000000000006956998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8f76b3790da6612022-01-05 10:01:42.716root 11241100x80000000000000006956999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6522d1d53ab099d2022-01-05 10:01:42.716root 11241100x80000000000000006957000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578c238c1cb1ecdd2022-01-05 10:01:42.716root 11241100x80000000000000006957001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022eccbd225893df2022-01-05 10:01:42.716root 11241100x80000000000000006957002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c5a4d4ede4840b2022-01-05 10:01:42.716root 11241100x80000000000000006957003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1c8d2ca5bdb0f22022-01-05 10:01:42.716root 11241100x80000000000000006957004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e7f5b2b78aae402022-01-05 10:01:42.717root 11241100x80000000000000006957005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0347084d9e782392022-01-05 10:01:42.717root 11241100x80000000000000006957006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a716da4b5e525eb2022-01-05 10:01:42.717root 11241100x80000000000000006957007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f18480804d747a72022-01-05 10:01:42.717root 11241100x80000000000000006957008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d4a2ef76b8c1dc2022-01-05 10:01:42.717root 11241100x80000000000000006957009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b756e84fa8bc7ee2022-01-05 10:01:42.717root 11241100x80000000000000006957010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8098a00d39fd042022-01-05 10:01:42.717root 11241100x80000000000000006957011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a57b195367af1bc2022-01-05 10:01:42.718root 11241100x80000000000000006957012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d751a22ba77b1b832022-01-05 10:01:42.718root 11241100x80000000000000006957013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532ff6d3dd0e2fd12022-01-05 10:01:42.718root 11241100x80000000000000006957014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394727224fa9b4a22022-01-05 10:01:42.718root 11241100x80000000000000006957015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da6d6cc0796da912022-01-05 10:01:43.209root 11241100x80000000000000006957016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01079d00a73f51b32022-01-05 10:01:43.210root 11241100x80000000000000006957017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3297fbfa625d85ea2022-01-05 10:01:43.210root 11241100x80000000000000006957018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa3e1bf9fd544f72022-01-05 10:01:43.210root 11241100x80000000000000006957019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e855a78ebefca0bd2022-01-05 10:01:43.210root 11241100x80000000000000006957020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fae74fb335d8ac2022-01-05 10:01:43.210root 11241100x80000000000000006957021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ecf21575fc3ed82022-01-05 10:01:43.211root 11241100x80000000000000006957022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56bacf2ad772db82022-01-05 10:01:43.211root 11241100x80000000000000006957023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a937d67b9f83dd22022-01-05 10:01:43.211root 11241100x80000000000000006957024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a76b4ccb62393432022-01-05 10:01:43.211root 11241100x80000000000000006957025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c72385a081629f2022-01-05 10:01:43.211root 11241100x80000000000000006957026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0472d056f0440a7f2022-01-05 10:01:43.212root 11241100x80000000000000006957027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0b09200b9ce3fd2022-01-05 10:01:43.212root 11241100x80000000000000006957028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21c64aa6ac7987d2022-01-05 10:01:43.212root 11241100x80000000000000006957029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc68e675cb5573f2022-01-05 10:01:43.212root 11241100x80000000000000006957030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbdf394074270842022-01-05 10:01:43.212root 11241100x80000000000000006957031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68ea748d916dc4b2022-01-05 10:01:43.212root 11241100x80000000000000006957032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4a30ed66cfd7d52022-01-05 10:01:43.212root 11241100x80000000000000006957033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bb7ee09f1f3ec22022-01-05 10:01:43.212root 11241100x80000000000000006957034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61808b77574eccad2022-01-05 10:01:43.212root 11241100x80000000000000006957035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc187987bb9e720b2022-01-05 10:01:43.212root 11241100x80000000000000006957036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8483eaba96e235f12022-01-05 10:01:43.212root 11241100x80000000000000006957037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd94ae5a8da9ab62022-01-05 10:01:43.212root 11241100x80000000000000006957038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5c9260551b709c2022-01-05 10:01:43.212root 11241100x80000000000000006957039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a3a77523df33c32022-01-05 10:01:43.212root 11241100x80000000000000006957040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecee7b6cb3eceb3c2022-01-05 10:01:43.213root 11241100x80000000000000006957041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b878966fe62b56e2022-01-05 10:01:43.213root 11241100x80000000000000006957042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a1b32ef7e956812022-01-05 10:01:43.213root 11241100x80000000000000006957043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357cfc18d8973b9f2022-01-05 10:01:43.213root 11241100x80000000000000006957044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2ef9e4465855402022-01-05 10:01:43.213root 11241100x80000000000000006957045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259bf7778ea00c8e2022-01-05 10:01:43.213root 11241100x80000000000000006957046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895416da770a86782022-01-05 10:01:43.213root 11241100x80000000000000006957047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3625da32ec73a1b12022-01-05 10:01:43.213root 11241100x80000000000000006957048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17222fea142434a82022-01-05 10:01:43.213root 11241100x80000000000000006957049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7308588076b01c2022-01-05 10:01:43.213root 11241100x80000000000000006957050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0f1d3d4b7ce1ea2022-01-05 10:01:43.213root 11241100x80000000000000006957051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c954ae61c52c1bf62022-01-05 10:01:43.214root 11241100x80000000000000006957052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff9704d91ea02b92022-01-05 10:01:43.214root 11241100x80000000000000006957053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb74fcdc32d1ed32022-01-05 10:01:43.214root 11241100x80000000000000006957054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503c82923854e0e62022-01-05 10:01:43.214root 11241100x80000000000000006957055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc83a3cf5f8fa512022-01-05 10:01:43.214root 11241100x80000000000000006957056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae8edac61a3cb502022-01-05 10:01:43.214root 11241100x80000000000000006957057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dd49afe9499e032022-01-05 10:01:43.214root 11241100x80000000000000006957058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ea16bf27e8b5ac2022-01-05 10:01:43.218root 11241100x80000000000000006957059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39085f2fade8e5152022-01-05 10:01:43.218root 11241100x80000000000000006957060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fb1b584c6f440a2022-01-05 10:01:43.219root 11241100x80000000000000006957061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefc1be93e00b5e02022-01-05 10:01:43.219root 11241100x80000000000000006957062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a850a7762fa80c2022-01-05 10:01:43.709root 11241100x80000000000000006957063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a52468137b779162022-01-05 10:01:43.709root 11241100x80000000000000006957064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ee736f716495752022-01-05 10:01:43.710root 11241100x80000000000000006957065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3df8351c0bbc252022-01-05 10:01:43.710root 11241100x80000000000000006957066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8115bdf04f755c442022-01-05 10:01:43.710root 11241100x80000000000000006957067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba84c8f75ec8c3fd2022-01-05 10:01:43.710root 11241100x80000000000000006957068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663e74475649e1e92022-01-05 10:01:43.710root 11241100x80000000000000006957069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b6d4c7ed2d29e22022-01-05 10:01:43.710root 11241100x80000000000000006957070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352e2c2c920ffd6d2022-01-05 10:01:43.711root 11241100x80000000000000006957071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4d14c40f1de4aa2022-01-05 10:01:43.712root 11241100x80000000000000006957072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba7121ce418b5552022-01-05 10:01:43.712root 11241100x80000000000000006957073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883badf72c345c1b2022-01-05 10:01:43.712root 11241100x80000000000000006957074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb46ecb2f4af6a02022-01-05 10:01:43.712root 11241100x80000000000000006957075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a0016a1ffe47a22022-01-05 10:01:43.712root 11241100x80000000000000006957076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f23d799bcb1c352022-01-05 10:01:43.712root 11241100x80000000000000006957077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e32c48f8e66aa12022-01-05 10:01:43.712root 11241100x80000000000000006957078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c91fb643d735922022-01-05 10:01:43.712root 11241100x80000000000000006957079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a13c8b5b2d12172022-01-05 10:01:43.713root 11241100x80000000000000006957080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dbf022e26251f72022-01-05 10:01:43.713root 11241100x80000000000000006957081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657d0b1f0515ea6b2022-01-05 10:01:43.713root 11241100x80000000000000006957082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff13491d29806f42022-01-05 10:01:43.714root 11241100x80000000000000006957083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1127ee4f4f25dd2022-01-05 10:01:43.714root 11241100x80000000000000006957084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfdc96ec6fd62ec2022-01-05 10:01:43.714root 11241100x80000000000000006957085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273eefd667c117ae2022-01-05 10:01:43.714root 11241100x80000000000000006957086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9644f0b53e786b7f2022-01-05 10:01:43.714root 11241100x80000000000000006957087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f24342bc0e2ced82022-01-05 10:01:43.714root 11241100x80000000000000006957088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7bf53797266efa2022-01-05 10:01:43.714root 11241100x80000000000000006957089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166aa2723ce219c52022-01-05 10:01:43.714root 11241100x80000000000000006957090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66535a8c7248020b2022-01-05 10:01:43.715root 11241100x80000000000000006957091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f98882c6fcd0432022-01-05 10:01:43.715root 11241100x80000000000000006957092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ed093872d4ffba2022-01-05 10:01:43.715root 11241100x80000000000000006957093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a33e7bac78abf062022-01-05 10:01:43.715root 11241100x80000000000000006957094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae2749ce92661412022-01-05 10:01:43.715root 11241100x80000000000000006957095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654bb78c6d2075872022-01-05 10:01:43.715root 11241100x80000000000000006957096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11c68fdd03963912022-01-05 10:01:43.715root 11241100x80000000000000006957097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c07303e734cc5852022-01-05 10:01:43.715root 11241100x80000000000000006957098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3618d37a17467d32022-01-05 10:01:43.715root 11241100x80000000000000006957099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67e9c2dd3b96ad52022-01-05 10:01:43.716root 11241100x80000000000000006957100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe2842d52aed0992022-01-05 10:01:43.716root 11241100x80000000000000006957101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aed797eb753d8a2022-01-05 10:01:43.716root 11241100x80000000000000006957102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18652d99cc72625b2022-01-05 10:01:43.716root 11241100x80000000000000006957103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d6bfad722fe0ec2022-01-05 10:01:43.716root 11241100x80000000000000006957104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97eac8ffc7e965462022-01-05 10:01:43.716root 11241100x80000000000000006957105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d806d8a2e6abb5d2022-01-05 10:01:43.716root 11241100x80000000000000006957106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88928032af277f142022-01-05 10:01:43.716root 11241100x80000000000000006957107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5a03085b5891fb2022-01-05 10:01:43.716root 11241100x80000000000000006957108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eadd4211e1d024e2022-01-05 10:01:43.716root 11241100x80000000000000006957109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad84fa09f88b4782022-01-05 10:01:43.716root 11241100x80000000000000006957110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e73e0fc36b58be2022-01-05 10:01:43.716root 11241100x80000000000000006957111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5908686b8331f9d42022-01-05 10:01:43.716root 11241100x80000000000000006957112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c51b830491e2d3f2022-01-05 10:01:43.717root 11241100x80000000000000006957113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9858e3d7d505f4262022-01-05 10:01:43.717root 11241100x80000000000000006957114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12214af1338b42082022-01-05 10:01:43.717root 11241100x80000000000000006957115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25b275bc02cdd1a2022-01-05 10:01:43.717root 11241100x80000000000000006957116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d5b9a87a307daf2022-01-05 10:01:43.717root 11241100x80000000000000006957117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db59e45420b69742022-01-05 10:01:43.717root 11241100x80000000000000006957118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb6eb43b81834b32022-01-05 10:01:43.717root 11241100x80000000000000006957119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba8c41a974965b32022-01-05 10:01:43.717root 11241100x80000000000000006957120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10475d1a3fe7bb312022-01-05 10:01:43.718root 11241100x80000000000000006957121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fc54f7e223d6ae2022-01-05 10:01:43.718root 11241100x80000000000000006957122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acba98f44465c522022-01-05 10:01:43.718root 11241100x80000000000000006957123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e4124019799aab2022-01-05 10:01:43.718root 11241100x80000000000000006957124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba4141b05a698f62022-01-05 10:01:43.718root 11241100x80000000000000006957125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8663be3f0b76242022-01-05 10:01:43.718root 11241100x80000000000000006957126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e599f6f5278e6b862022-01-05 10:01:43.718root 11241100x80000000000000006957127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8dc412fdc857fd2022-01-05 10:01:43.718root 11241100x80000000000000006957128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7926f20ca62c0772022-01-05 10:01:43.718root 11241100x80000000000000006957129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73953e4c89dd1212022-01-05 10:01:43.718root 354300x80000000000000006957130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.199{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41692-false10.0.1.12-8000- 11241100x80000000000000006957131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.199{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d86ff2ad6785c12022-01-05 10:01:44.199root 11241100x80000000000000006957132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.199{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a924990a39695b82022-01-05 10:01:44.199root 11241100x80000000000000006957133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.201{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0719499d697950462022-01-05 10:01:44.201root 11241100x80000000000000006957134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.201{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21965d57e5b18dc2022-01-05 10:01:44.201root 11241100x80000000000000006957135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.201{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b25d9012ed29592022-01-05 10:01:44.201root 11241100x80000000000000006957136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.201{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb1ebcf2dcd10772022-01-05 10:01:44.201root 11241100x80000000000000006957137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.201{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb58ea878afbdbaf2022-01-05 10:01:44.201root 11241100x80000000000000006957138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.201{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c07517fda5d65772022-01-05 10:01:44.201root 11241100x80000000000000006957139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.201{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46108e40c3fac6ea2022-01-05 10:01:44.201root 11241100x80000000000000006957140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee6e432d231cdf22022-01-05 10:01:44.202root 11241100x80000000000000006957141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5613c88378e3608b2022-01-05 10:01:44.202root 11241100x80000000000000006957142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76ce6072237c44c2022-01-05 10:01:44.202root 11241100x80000000000000006957143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859c5f36b40b2bff2022-01-05 10:01:44.202root 11241100x80000000000000006957144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e3b7a36fcfcb3d2022-01-05 10:01:44.202root 11241100x80000000000000006957145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f93b7f38a254582022-01-05 10:01:44.202root 11241100x80000000000000006957146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa71f1cf9c6a81f2022-01-05 10:01:44.202root 11241100x80000000000000006957147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0885265f2e9a5e2022-01-05 10:01:44.202root 11241100x80000000000000006957148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.203{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457b1f3c888644fe2022-01-05 10:01:44.203root 11241100x80000000000000006957149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.204{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d242a2d6f11819e2022-01-05 10:01:44.204root 11241100x80000000000000006957150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.204{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1da0fe4f7fbd1f2022-01-05 10:01:44.204root 11241100x80000000000000006957151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.204{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e12ff1227a16a242022-01-05 10:01:44.204root 11241100x80000000000000006957152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.204{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4321a7c15bd198462022-01-05 10:01:44.204root 11241100x80000000000000006957153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.204{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc5b53e8ab9f6282022-01-05 10:01:44.204root 11241100x80000000000000006957154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.204{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec8ddc5593386412022-01-05 10:01:44.204root 11241100x80000000000000006957155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.204{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b07115dc1bf722e2022-01-05 10:01:44.204root 11241100x80000000000000006957156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.205{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8017c7ece9e33e12022-01-05 10:01:44.205root 11241100x80000000000000006957157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.205{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5e4d648fcb2dfa2022-01-05 10:01:44.205root 11241100x80000000000000006957158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.205{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1fdcea601bed9c2022-01-05 10:01:44.205root 11241100x80000000000000006957159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.206{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6738d83fc8cbadf2022-01-05 10:01:44.206root 11241100x80000000000000006957160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2289858d7408832022-01-05 10:01:44.208root 11241100x80000000000000006957161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01a1fadc04c1b042022-01-05 10:01:44.209root 11241100x80000000000000006957162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3ed98b07393cd72022-01-05 10:01:44.209root 11241100x80000000000000006957163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f925cac91e0d6a2022-01-05 10:01:44.209root 11241100x80000000000000006957164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a306c31726db3722022-01-05 10:01:44.209root 11241100x80000000000000006957165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf059a547f167192022-01-05 10:01:44.209root 11241100x80000000000000006957166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda1e810c3e8309d2022-01-05 10:01:44.209root 11241100x80000000000000006957167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e170023f41cece0a2022-01-05 10:01:44.209root 11241100x80000000000000006957168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7aa15e35144b202022-01-05 10:01:44.209root 11241100x80000000000000006957169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa21fd97153324fa2022-01-05 10:01:44.209root 11241100x80000000000000006957170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530f9d07f6e1e3a52022-01-05 10:01:44.210root 11241100x80000000000000006957171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76632ec3e9715f592022-01-05 10:01:44.460root 11241100x80000000000000006957172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d76f72884a82cb92022-01-05 10:01:44.460root 11241100x80000000000000006957173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb93ab51daa127fe2022-01-05 10:01:44.461root 11241100x80000000000000006957174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669bf6b132c866ee2022-01-05 10:01:44.461root 11241100x80000000000000006957175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212d361714b74a4c2022-01-05 10:01:44.461root 11241100x80000000000000006957176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf09079e57f6c6592022-01-05 10:01:44.462root 11241100x80000000000000006957177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0f34482abd0cd82022-01-05 10:01:44.462root 11241100x80000000000000006957178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa06486c8871944e2022-01-05 10:01:44.463root 11241100x80000000000000006957179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fab5a9a2fd17b02022-01-05 10:01:44.463root 11241100x80000000000000006957180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa7e41dabd45c522022-01-05 10:01:44.464root 11241100x80000000000000006957181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c578755b190acbb82022-01-05 10:01:44.464root 11241100x80000000000000006957182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cab13d46139d922022-01-05 10:01:44.465root 11241100x80000000000000006957183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bf51ba90445f7b2022-01-05 10:01:44.465root 11241100x80000000000000006957184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1876544ae5acc122022-01-05 10:01:44.465root 11241100x80000000000000006957185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d83d697db32b2fe2022-01-05 10:01:44.465root 11241100x80000000000000006957186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb564a02692db1662022-01-05 10:01:44.465root 11241100x80000000000000006957187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346f30fc7e792d0c2022-01-05 10:01:44.465root 11241100x80000000000000006957188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c6fe09817453d62022-01-05 10:01:44.465root 11241100x80000000000000006957189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bdbe675d07bede2022-01-05 10:01:44.466root 11241100x80000000000000006957190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b98ce598c4ed5ab2022-01-05 10:01:44.466root 11241100x80000000000000006957191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9e189ac79efb662022-01-05 10:01:44.466root 11241100x80000000000000006957192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc2b0f5f71a795c2022-01-05 10:01:44.466root 11241100x80000000000000006957193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a630381b73e183a72022-01-05 10:01:44.466root 11241100x80000000000000006957194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23242dda3ee29f12022-01-05 10:01:44.467root 11241100x80000000000000006957195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d3a22d4fba82c72022-01-05 10:01:44.467root 11241100x80000000000000006957196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fd1fef1977380a2022-01-05 10:01:44.467root 11241100x80000000000000006957197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba6186ea5e11b472022-01-05 10:01:44.467root 11241100x80000000000000006957198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5681c108c1c0f512022-01-05 10:01:44.467root 11241100x80000000000000006957199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89da47e3585a00c2022-01-05 10:01:44.467root 11241100x80000000000000006957200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed465e9da174f8d22022-01-05 10:01:44.468root 11241100x80000000000000006957201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bf9fd53e5c9b3c2022-01-05 10:01:44.468root 11241100x80000000000000006957202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f23afec12ad3222022-01-05 10:01:44.468root 11241100x80000000000000006957203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e37071b92aac052022-01-05 10:01:44.468root 11241100x80000000000000006957204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3927179f7229802022-01-05 10:01:44.468root 11241100x80000000000000006957205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af75fc29ac5f4d02022-01-05 10:01:44.468root 11241100x80000000000000006957206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f8c4da3c1b59232022-01-05 10:01:44.469root 11241100x80000000000000006957207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a737c270996c0d662022-01-05 10:01:44.469root 11241100x80000000000000006957208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de7ff4d845db94b2022-01-05 10:01:44.469root 11241100x80000000000000006957209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f0f515bba02fd72022-01-05 10:01:44.469root 11241100x80000000000000006957210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5515f26ad9ee31e32022-01-05 10:01:44.470root 11241100x80000000000000006957211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e1c21a70c4d5982022-01-05 10:01:44.470root 11241100x80000000000000006957212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1830f7507f3438442022-01-05 10:01:44.470root 11241100x80000000000000006957213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7d95f4f80268e52022-01-05 10:01:44.470root 11241100x80000000000000006957214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.471{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b043fa0c1e71fa122022-01-05 10:01:44.471root 11241100x80000000000000006957215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.471{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e1010a0a9f71ee2022-01-05 10:01:44.471root 11241100x80000000000000006957216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.471{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4ad91c23934aa52022-01-05 10:01:44.471root 11241100x80000000000000006957217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.471{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c5312afac60e102022-01-05 10:01:44.471root 11241100x80000000000000006957218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.471{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9849a46aa0a1ddcc2022-01-05 10:01:44.471root 11241100x80000000000000006957219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8444f9a16f132de12022-01-05 10:01:44.960root 11241100x80000000000000006957220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed83a78af0138cb72022-01-05 10:01:44.960root 11241100x80000000000000006957221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9eb5eb24340cc12022-01-05 10:01:44.960root 11241100x80000000000000006957222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297d78a1830eb31e2022-01-05 10:01:44.961root 11241100x80000000000000006957223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef23c535092ab0f2022-01-05 10:01:44.961root 11241100x80000000000000006957224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdcce5e44ad2f2f2022-01-05 10:01:44.961root 11241100x80000000000000006957225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d9e01c0894220f2022-01-05 10:01:44.961root 11241100x80000000000000006957226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ae98cd2c01340c2022-01-05 10:01:44.962root 11241100x80000000000000006957227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6559b9ef0ee0353d2022-01-05 10:01:44.962root 11241100x80000000000000006957228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182ff51c0e8a3cc62022-01-05 10:01:44.962root 11241100x80000000000000006957229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56475e55646196dd2022-01-05 10:01:44.962root 11241100x80000000000000006957230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6444c7d9bd76d82022-01-05 10:01:44.962root 11241100x80000000000000006957231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8449b49f3c8a6e5e2022-01-05 10:01:44.962root 11241100x80000000000000006957232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c86dd971a41b3592022-01-05 10:01:44.962root 11241100x80000000000000006957233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99aa310ddcf380212022-01-05 10:01:44.962root 11241100x80000000000000006957234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88c485570f66c182022-01-05 10:01:44.962root 11241100x80000000000000006957235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d437451908a0132022-01-05 10:01:44.962root 11241100x80000000000000006957236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780a0321673c54682022-01-05 10:01:44.962root 11241100x80000000000000006957237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ed323ddfc3c7e82022-01-05 10:01:44.962root 11241100x80000000000000006957238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff68fae35a4abf832022-01-05 10:01:44.963root 11241100x80000000000000006957239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123f4d42efb760642022-01-05 10:01:44.963root 11241100x80000000000000006957240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875f588b6ca2c69e2022-01-05 10:01:44.963root 11241100x80000000000000006957241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa072e78038dc3392022-01-05 10:01:44.963root 11241100x80000000000000006957242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddf29523b8ebcbe2022-01-05 10:01:44.963root 11241100x80000000000000006957243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c689b50e9a8b2edf2022-01-05 10:01:44.963root 11241100x80000000000000006957244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9e02dc272fc1f22022-01-05 10:01:44.964root 11241100x80000000000000006957245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c44656b2d9d2092022-01-05 10:01:44.964root 11241100x80000000000000006957246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202b4b15f99bd8b42022-01-05 10:01:44.964root 11241100x80000000000000006957247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f72c5c8854b1662022-01-05 10:01:44.964root 11241100x80000000000000006957248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935708cba9c31a522022-01-05 10:01:44.964root 11241100x80000000000000006957249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b9096d4a3e38a82022-01-05 10:01:44.964root 11241100x80000000000000006957250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc2893c62b142822022-01-05 10:01:44.964root 11241100x80000000000000006957251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c7b1b5405dbeea2022-01-05 10:01:44.964root 11241100x80000000000000006957252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7abaaf066c618b2022-01-05 10:01:44.964root 11241100x80000000000000006957253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7dd2ff1d7b2bb12022-01-05 10:01:44.964root 11241100x80000000000000006957254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c070f0ee5e2bcf5c2022-01-05 10:01:44.964root 11241100x80000000000000006957255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f907398c86a4922022-01-05 10:01:44.964root 11241100x80000000000000006957256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8058da3fd2414c3f2022-01-05 10:01:44.965root 11241100x80000000000000006957257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528dca6abe534a372022-01-05 10:01:44.965root 11241100x80000000000000006957258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffdb16e6df19a542022-01-05 10:01:45.459root 11241100x80000000000000006957259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb48f31d9b7fad062022-01-05 10:01:45.459root 11241100x80000000000000006957260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18a42049acd367b2022-01-05 10:01:45.460root 11241100x80000000000000006957261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b630b35610ef1b2c2022-01-05 10:01:45.460root 11241100x80000000000000006957262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f7cb6f28f0ea592022-01-05 10:01:45.460root 11241100x80000000000000006957263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2474b99203db563b2022-01-05 10:01:45.460root 11241100x80000000000000006957264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c223917b65f707e2022-01-05 10:01:45.460root 11241100x80000000000000006957265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377ec0fa1a3d72962022-01-05 10:01:45.460root 11241100x80000000000000006957266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde8efb4c886cb8c2022-01-05 10:01:45.460root 11241100x80000000000000006957267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55867b923fe442c2022-01-05 10:01:45.460root 11241100x80000000000000006957268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d4147071cbbeb42022-01-05 10:01:45.461root 11241100x80000000000000006957269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0661b642df3d4262022-01-05 10:01:45.461root 11241100x80000000000000006957270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c21c1e086efd7022022-01-05 10:01:45.461root 11241100x80000000000000006957271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3828c04e31a0152022-01-05 10:01:45.461root 11241100x80000000000000006957272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1e4de37dbcabab2022-01-05 10:01:45.461root 11241100x80000000000000006957273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec5390a5eee90392022-01-05 10:01:45.461root 11241100x80000000000000006957274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014b2d1cd1db07ef2022-01-05 10:01:45.461root 11241100x80000000000000006957275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4ee741a42301e22022-01-05 10:01:45.461root 11241100x80000000000000006957276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54b501f83ccd7922022-01-05 10:01:45.461root 11241100x80000000000000006957277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14aad20484c11f122022-01-05 10:01:45.461root 11241100x80000000000000006957278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6fc497662ca6782022-01-05 10:01:45.461root 11241100x80000000000000006957279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c83b659c8b43b32022-01-05 10:01:45.462root 11241100x80000000000000006957280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6262f9871674b6e2022-01-05 10:01:45.462root 11241100x80000000000000006957281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8b2eedcb154bd32022-01-05 10:01:45.462root 11241100x80000000000000006957282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f153e49bf3a6450d2022-01-05 10:01:45.462root 11241100x80000000000000006957283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43182727f561f9c42022-01-05 10:01:45.462root 11241100x80000000000000006957284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61171de3716195552022-01-05 10:01:45.462root 11241100x80000000000000006957285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075edea929df38242022-01-05 10:01:45.462root 11241100x80000000000000006957286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb246254fbd56c3c2022-01-05 10:01:45.462root 11241100x80000000000000006957287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7a77b7404d0b232022-01-05 10:01:45.462root 11241100x80000000000000006957288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47a3b31e61104ae2022-01-05 10:01:45.462root 11241100x80000000000000006957289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1be20811c2d7402022-01-05 10:01:45.462root 11241100x80000000000000006957290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cc97fd416e1b262022-01-05 10:01:45.462root 11241100x80000000000000006957291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b6ccb94d7277902022-01-05 10:01:45.462root 11241100x80000000000000006957292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cf644ef8eef50c2022-01-05 10:01:45.462root 11241100x80000000000000006957293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78282c5c00f282c72022-01-05 10:01:45.463root 11241100x80000000000000006957294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb368009623757d72022-01-05 10:01:45.463root 11241100x80000000000000006957295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fe0313a9b926072022-01-05 10:01:45.463root 11241100x80000000000000006957296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3671e0a0642d46b02022-01-05 10:01:45.463root 354300x80000000000000006957297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.552{ec2e79f3-af4c-61d2-e0a7-320694550000}1083/usr/sbin/sshdroottcpfalsefalse47.253.45.0-47056-false10.0.1.25-22- 11241100x80000000000000006957298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.552{ec2e79f3-6c89-61d5-0000-000000000000}23003/usr/sbin/sshd/proc/23003/oom_score_adj2022-01-05 10:01:45.552root 154100x80000000000000006957299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.552{ec2e79f3-6c89-61d5-e0d7-c3c299550000}23003/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1083--- 534500x80000000000000006957300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.667{ec2e79f3-6c89-61d5-e0d7-c3c299550000}23003/usr/sbin/sshdroot 11241100x80000000000000006957301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab3f5aa08ef71b92022-01-05 10:01:45.960root 11241100x80000000000000006957302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af839e42ae65301f2022-01-05 10:01:45.960root 11241100x80000000000000006957303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3a5adf4950fff82022-01-05 10:01:45.960root 11241100x80000000000000006957304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a11fab7fe482d22022-01-05 10:01:45.960root 11241100x80000000000000006957305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edce04f9707f09c12022-01-05 10:01:45.960root 11241100x80000000000000006957306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ee0992280a8a932022-01-05 10:01:45.960root 11241100x80000000000000006957307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be828d141aa552d92022-01-05 10:01:45.960root 11241100x80000000000000006957308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646f8aaadd5764e92022-01-05 10:01:45.960root 11241100x80000000000000006957309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bfc5978ae57f242022-01-05 10:01:45.961root 11241100x80000000000000006957310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4e7721357359d52022-01-05 10:01:45.961root 11241100x80000000000000006957311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e8c75d83c6d9742022-01-05 10:01:45.961root 11241100x80000000000000006957312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0204757031bd64882022-01-05 10:01:45.961root 11241100x80000000000000006957313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc793784cf9458fa2022-01-05 10:01:45.961root 11241100x80000000000000006957314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc3142ba4d12a792022-01-05 10:01:45.961root 11241100x80000000000000006957315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7654cea762b2ec572022-01-05 10:01:45.961root 11241100x80000000000000006957316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d121a93b3f001e2022-01-05 10:01:45.961root 11241100x80000000000000006957317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de37f6af8a6be302022-01-05 10:01:45.961root 11241100x80000000000000006957318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcd822979d4795c2022-01-05 10:01:45.962root 11241100x80000000000000006957319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ef46ad9990170d2022-01-05 10:01:45.962root 11241100x80000000000000006957320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476954720019a8662022-01-05 10:01:45.962root 11241100x80000000000000006957321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3420c4296afcc442022-01-05 10:01:45.962root 11241100x80000000000000006957322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47737565bbec61f72022-01-05 10:01:45.962root 11241100x80000000000000006957323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3b4fd4e4392a332022-01-05 10:01:45.962root 11241100x80000000000000006957324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0f6d187564cc552022-01-05 10:01:45.962root 11241100x80000000000000006957325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150708d771fc48712022-01-05 10:01:45.963root 11241100x80000000000000006957326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a4b51e268088002022-01-05 10:01:45.963root 11241100x80000000000000006957327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad28668b90577acd2022-01-05 10:01:45.963root 11241100x80000000000000006957328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a7debe7178661e2022-01-05 10:01:45.963root 11241100x80000000000000006957329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a3d18808398e602022-01-05 10:01:45.963root 11241100x80000000000000006957330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2353e30732e57732022-01-05 10:01:45.963root 11241100x80000000000000006957331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32a636652f54a492022-01-05 10:01:45.963root 11241100x80000000000000006957332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4455b3b717643c622022-01-05 10:01:45.963root 11241100x80000000000000006957333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff24a7014d0589b32022-01-05 10:01:45.963root 11241100x80000000000000006957334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c4af2aeb9fd0162022-01-05 10:01:45.963root 11241100x80000000000000006957335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c343c797fccb08222022-01-05 10:01:45.963root 11241100x80000000000000006957336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe1e19e8c6719422022-01-05 10:01:45.963root 11241100x80000000000000006957337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e30d9fe7e2399cd2022-01-05 10:01:45.963root 11241100x80000000000000006957338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aee83a5d026e4582022-01-05 10:01:45.963root 11241100x80000000000000006957339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab59b18d2ebc7a82022-01-05 10:01:45.963root 11241100x80000000000000006957340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1891dd926c2ff252022-01-05 10:01:45.964root 11241100x80000000000000006957341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146a26629a689fa62022-01-05 10:01:45.964root 11241100x80000000000000006957342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff38ccfdc4371732022-01-05 10:01:45.964root 11241100x80000000000000006957343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d579d5f2fbbc92f2022-01-05 10:01:45.964root 11241100x80000000000000006957344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95651deef47ccaed2022-01-05 10:01:45.964root 11241100x80000000000000006957345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa9c4d1295d516f2022-01-05 10:01:45.964root 11241100x80000000000000006957346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09d9ca45a4a01962022-01-05 10:01:45.964root 11241100x80000000000000006957347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973cc26c6e5de17c2022-01-05 10:01:45.964root 11241100x80000000000000006957348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417177996bc82fc52022-01-05 10:01:45.964root 11241100x80000000000000006957349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1726c2fc01e6780f2022-01-05 10:01:45.964root 11241100x80000000000000006957350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3865a0843972952022-01-05 10:01:45.964root 11241100x80000000000000006957351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e54172108458122022-01-05 10:01:45.964root 11241100x80000000000000006957352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe49c1142b16d14f2022-01-05 10:01:45.964root 11241100x80000000000000006957353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa017132a0bcd962022-01-05 10:01:45.964root 11241100x80000000000000006957354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7192aa3359393dcc2022-01-05 10:01:45.964root 11241100x80000000000000006957355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010697d9a89b990a2022-01-05 10:01:45.964root 11241100x80000000000000006957356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2713ca019475b32022-01-05 10:01:46.460root 11241100x80000000000000006957357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4f436d110902612022-01-05 10:01:46.460root 11241100x80000000000000006957358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a654033b71a24782022-01-05 10:01:46.460root 11241100x80000000000000006957359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3d08b9921a20aa2022-01-05 10:01:46.460root 11241100x80000000000000006957360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8b40b4c1efc41d2022-01-05 10:01:46.460root 11241100x80000000000000006957361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f7b03dfec92bbc2022-01-05 10:01:46.460root 11241100x80000000000000006957362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6212a27cf4cf31c2022-01-05 10:01:46.461root 11241100x80000000000000006957363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dc1e1759aa1a402022-01-05 10:01:46.461root 11241100x80000000000000006957364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1032a83bfbfe33d2022-01-05 10:01:46.461root 11241100x80000000000000006957365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a120fbed756f46c52022-01-05 10:01:46.461root 11241100x80000000000000006957366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dfc7c46456021c2022-01-05 10:01:46.461root 11241100x80000000000000006957367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76456ed1e3e2c0862022-01-05 10:01:46.461root 11241100x80000000000000006957368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4445f047696b5bd2022-01-05 10:01:46.461root 11241100x80000000000000006957369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62665a51821fa55f2022-01-05 10:01:46.461root 11241100x80000000000000006957370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eeb8b4ec21857c12022-01-05 10:01:46.461root 11241100x80000000000000006957371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ac29ad058d604d2022-01-05 10:01:46.461root 11241100x80000000000000006957372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481dd521de7a4f262022-01-05 10:01:46.461root 11241100x80000000000000006957373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3df81054a0cc0e2022-01-05 10:01:46.462root 11241100x80000000000000006957374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e30eb2377728272022-01-05 10:01:46.462root 11241100x80000000000000006957375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e73b096a44d72042022-01-05 10:01:46.462root 11241100x80000000000000006957376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa915eb559b79bf42022-01-05 10:01:46.462root 11241100x80000000000000006957377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541716ef4716d36e2022-01-05 10:01:46.462root 11241100x80000000000000006957378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ed82301decf29b2022-01-05 10:01:46.462root 11241100x80000000000000006957379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150d72cbe2b9e8362022-01-05 10:01:46.462root 11241100x80000000000000006957380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fcd34d29045a1e2022-01-05 10:01:46.462root 11241100x80000000000000006957381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37f34534e7effe92022-01-05 10:01:46.462root 11241100x80000000000000006957382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0e139660056fa42022-01-05 10:01:46.462root 11241100x80000000000000006957383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b01d2b69719a232022-01-05 10:01:46.462root 11241100x80000000000000006957384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a22a67bd6c157c2022-01-05 10:01:46.462root 11241100x80000000000000006957385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c654683007a2122022-01-05 10:01:46.462root 11241100x80000000000000006957386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b710c639b6b5712022-01-05 10:01:46.462root 11241100x80000000000000006957387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0df9573c7cec9b2022-01-05 10:01:46.462root 11241100x80000000000000006957388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34efeb11e0be93c62022-01-05 10:01:46.463root 11241100x80000000000000006957389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b2b0d6c120b41f2022-01-05 10:01:46.463root 11241100x80000000000000006957390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc4fa096c61857b2022-01-05 10:01:46.463root 11241100x80000000000000006957391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c140929bf3e42122022-01-05 10:01:46.463root 11241100x80000000000000006957392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42daf144212737292022-01-05 10:01:46.463root 11241100x80000000000000006957393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60afddce8d6fe4f2022-01-05 10:01:46.463root 11241100x80000000000000006957394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fbfb055056f16e2022-01-05 10:01:46.463root 11241100x80000000000000006957395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb681d4c80ba23d2022-01-05 10:01:46.463root 11241100x80000000000000006957396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24265847806a33da2022-01-05 10:01:46.463root 11241100x80000000000000006957397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb070f7245910482022-01-05 10:01:46.463root 11241100x80000000000000006957398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b387ac648b6383862022-01-05 10:01:46.959root 11241100x80000000000000006957399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06377b296755dc02022-01-05 10:01:46.959root 11241100x80000000000000006957400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744550fea68467932022-01-05 10:01:46.959root 11241100x80000000000000006957401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c871707999e920ed2022-01-05 10:01:46.960root 11241100x80000000000000006957402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183a94aa9ec638a72022-01-05 10:01:46.960root 11241100x80000000000000006957403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc48c4d135164afc2022-01-05 10:01:46.960root 11241100x80000000000000006957404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd77d292a8e648c2022-01-05 10:01:46.960root 11241100x80000000000000006957405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b905598fe09c4d2022-01-05 10:01:46.960root 11241100x80000000000000006957406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d09c7da250bbbe2022-01-05 10:01:46.960root 11241100x80000000000000006957407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f373ace2111a38262022-01-05 10:01:46.960root 11241100x80000000000000006957408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ca84dcf23c827d2022-01-05 10:01:46.960root 11241100x80000000000000006957409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f0a0c425623f202022-01-05 10:01:46.960root 11241100x80000000000000006957410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c18ad182a385f242022-01-05 10:01:46.960root 11241100x80000000000000006957411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1fa5bf42400f332022-01-05 10:01:46.961root 11241100x80000000000000006957412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326b5e263d1f9fe72022-01-05 10:01:46.961root 11241100x80000000000000006957413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3474f83441274a2e2022-01-05 10:01:46.961root 11241100x80000000000000006957414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de700c4d011e7b9d2022-01-05 10:01:46.961root 11241100x80000000000000006957415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea7cd1968faa0912022-01-05 10:01:46.961root 11241100x80000000000000006957416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111152177084732b2022-01-05 10:01:46.961root 11241100x80000000000000006957417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d2cb22377f39162022-01-05 10:01:46.961root 11241100x80000000000000006957418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e70ed38b6a07782022-01-05 10:01:46.961root 11241100x80000000000000006957419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd7729b956dbd3b2022-01-05 10:01:46.961root 11241100x80000000000000006957420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5c811c90e9b8b82022-01-05 10:01:46.961root 11241100x80000000000000006957421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aceb2462ffcbde2022-01-05 10:01:46.962root 11241100x80000000000000006957422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f81a544b366720e2022-01-05 10:01:46.962root 11241100x80000000000000006957423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bc4b06c1ad4a2d2022-01-05 10:01:46.962root 11241100x80000000000000006957424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa141224c07279ff2022-01-05 10:01:46.962root 11241100x80000000000000006957425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0183bfc3c3a4a9cc2022-01-05 10:01:46.962root 11241100x80000000000000006957426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daaad179b998a6d2022-01-05 10:01:46.962root 11241100x80000000000000006957427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ced6d1c2b221d32022-01-05 10:01:46.962root 11241100x80000000000000006957428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e644f61d6cf0ff7d2022-01-05 10:01:46.962root 11241100x80000000000000006957429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f5709f35e60b5e2022-01-05 10:01:46.962root 11241100x80000000000000006957430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01db665807c15f2e2022-01-05 10:01:46.962root 11241100x80000000000000006957431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b1335d288f60732022-01-05 10:01:46.962root 11241100x80000000000000006957432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6964b4bacdbce7302022-01-05 10:01:46.962root 11241100x80000000000000006957433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc2a5b8a27516612022-01-05 10:01:46.963root 11241100x80000000000000006957434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502430c914491a1c2022-01-05 10:01:46.963root 11241100x80000000000000006957435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e121e8a20b8ab4f12022-01-05 10:01:46.963root 11241100x80000000000000006957436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b320506951b69b4a2022-01-05 10:01:46.963root 11241100x80000000000000006957437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22a6e4053629eca2022-01-05 10:01:46.963root 11241100x80000000000000006957438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c2d1487517abe12022-01-05 10:01:46.963root 11241100x80000000000000006957439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2db1b844016c2fc2022-01-05 10:01:46.963root 11241100x80000000000000006957440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9749e61d14c704ef2022-01-05 10:01:46.963root 11241100x80000000000000006957441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbeee5d3944ab682022-01-05 10:01:46.963root 11241100x80000000000000006957442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2939b477006486cf2022-01-05 10:01:46.963root 11241100x80000000000000006957443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b049c79fd32aa3d2022-01-05 10:01:46.963root 11241100x80000000000000006957444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20de8c8a15e4951f2022-01-05 10:01:46.963root 11241100x80000000000000006957445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0317798250b5c92022-01-05 10:01:46.963root 11241100x80000000000000006957446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f71a4d5ecf11b182022-01-05 10:01:46.963root 11241100x80000000000000006957447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e726e3956c0d547c2022-01-05 10:01:46.967root 11241100x80000000000000006957448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8081c164dfd161ec2022-01-05 10:01:46.967root 11241100x80000000000000006957449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c9ac8f20c62eaa2022-01-05 10:01:47.459root 11241100x80000000000000006957450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6675d2327a581f42022-01-05 10:01:47.459root 11241100x80000000000000006957451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810918df6beb17802022-01-05 10:01:47.459root 11241100x80000000000000006957452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66600306b533d7632022-01-05 10:01:47.460root 11241100x80000000000000006957453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020e161b1dcaa7152022-01-05 10:01:47.460root 11241100x80000000000000006957454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40e9166230b53e32022-01-05 10:01:47.460root 11241100x80000000000000006957455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4334ff166b659c072022-01-05 10:01:47.460root 11241100x80000000000000006957456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d54f87dbf25e6702022-01-05 10:01:47.460root 11241100x80000000000000006957457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc6cc7affc485202022-01-05 10:01:47.460root 11241100x80000000000000006957458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dc9a2c8ef864da2022-01-05 10:01:47.460root 11241100x80000000000000006957459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ded2c9d533a356f2022-01-05 10:01:47.460root 11241100x80000000000000006957460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb2ffb952abfdeb2022-01-05 10:01:47.460root 11241100x80000000000000006957461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909bb0ccf2bea2f62022-01-05 10:01:47.460root 11241100x80000000000000006957462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1025bca0588894442022-01-05 10:01:47.461root 11241100x80000000000000006957463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4014a4c6b0a8b9852022-01-05 10:01:47.461root 11241100x80000000000000006957464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60974ce3248d299e2022-01-05 10:01:47.461root 11241100x80000000000000006957465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3e309459dfbe2c2022-01-05 10:01:47.461root 11241100x80000000000000006957466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe37d026ce1caf452022-01-05 10:01:47.461root 11241100x80000000000000006957467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514b0922197d4b922022-01-05 10:01:47.461root 11241100x80000000000000006957468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76ca456ab6618a92022-01-05 10:01:47.461root 11241100x80000000000000006957469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455977493aff44a02022-01-05 10:01:47.461root 11241100x80000000000000006957470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374cd5f48551eee12022-01-05 10:01:47.461root 11241100x80000000000000006957471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de1f39f77a23cbd2022-01-05 10:01:47.461root 11241100x80000000000000006957472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6cf32490fdba492022-01-05 10:01:47.462root 11241100x80000000000000006957473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367637fb24c630b42022-01-05 10:01:47.462root 11241100x80000000000000006957474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1175f817229a06a72022-01-05 10:01:47.462root 11241100x80000000000000006957475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374e892e8f4e83172022-01-05 10:01:47.462root 11241100x80000000000000006957476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64dc9d576f921572022-01-05 10:01:47.462root 11241100x80000000000000006957477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1e968c1ccf5daa2022-01-05 10:01:47.462root 11241100x80000000000000006957478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0463e238f2d8dbae2022-01-05 10:01:47.462root 11241100x80000000000000006957479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3ec8bcd4713ef72022-01-05 10:01:47.462root 11241100x80000000000000006957480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a387a8d2f88c8722022-01-05 10:01:47.462root 11241100x80000000000000006957481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb363f1b760817c52022-01-05 10:01:47.462root 11241100x80000000000000006957482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec5a14d57adda7e2022-01-05 10:01:47.463root 11241100x80000000000000006957483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aa0f916ce1711d2022-01-05 10:01:47.463root 11241100x80000000000000006957484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2901420a2157dedb2022-01-05 10:01:47.463root 11241100x80000000000000006957485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619a7552208843c72022-01-05 10:01:47.463root 11241100x80000000000000006957486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5940d6741392692e2022-01-05 10:01:47.463root 11241100x80000000000000006957487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b69d6c4bfb266312022-01-05 10:01:47.463root 11241100x80000000000000006957488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e3050f0f43d3a82022-01-05 10:01:47.463root 11241100x80000000000000006957489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14fc7d58d5106ca2022-01-05 10:01:47.463root 11241100x80000000000000006957490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d777bd20b74a812022-01-05 10:01:47.463root 11241100x80000000000000006957491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb48594419d854de2022-01-05 10:01:47.463root 11241100x80000000000000006957492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abf8d42eedfa5fd2022-01-05 10:01:47.464root 11241100x80000000000000006957493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c92376950c8ffa2022-01-05 10:01:47.464root 11241100x80000000000000006957494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c1bff4255968e62022-01-05 10:01:47.464root 11241100x80000000000000006957495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e6c82aea25e5222022-01-05 10:01:47.464root 11241100x80000000000000006957496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496cfc7c97b019ba2022-01-05 10:01:47.464root 11241100x80000000000000006957497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.472{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952140b0fa1689392022-01-05 10:01:47.472root 11241100x80000000000000006957498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f55b3182cb7b43a2022-01-05 10:01:47.473root 11241100x80000000000000006957499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5277add3aab85c402022-01-05 10:01:47.473root 11241100x80000000000000006957500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e76de967ce22ab02022-01-05 10:01:47.473root 11241100x80000000000000006957501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369a56aef50d2b1a2022-01-05 10:01:47.473root 11241100x80000000000000006957502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a76ad8d2b50183f2022-01-05 10:01:47.473root 11241100x80000000000000006957503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c97949fad27f7192022-01-05 10:01:47.473root 11241100x80000000000000006957504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd76d5968f7cb522022-01-05 10:01:47.473root 11241100x80000000000000006957505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4229a3567e5881e52022-01-05 10:01:47.473root 11241100x80000000000000006957506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b0957c2a79c92b2022-01-05 10:01:47.473root 11241100x80000000000000006957507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbeef7afeaaf865f2022-01-05 10:01:47.474root 11241100x80000000000000006957508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451055438b99a4d62022-01-05 10:01:47.474root 11241100x80000000000000006957509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e35f3d65df9c4162022-01-05 10:01:47.474root 11241100x80000000000000006957510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92326738fada116c2022-01-05 10:01:47.474root 11241100x80000000000000006957511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dadd0fcceb38262022-01-05 10:01:47.474root 11241100x80000000000000006957512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322e62b2b28150532022-01-05 10:01:47.474root 11241100x80000000000000006957513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b34eb35039fdc3f2022-01-05 10:01:47.474root 11241100x80000000000000006957514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dcba65e44366be2022-01-05 10:01:47.474root 11241100x80000000000000006957515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8317d35869b6c3ef2022-01-05 10:01:47.475root 11241100x80000000000000006957516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a4d79e6e6e53e12022-01-05 10:01:47.475root 11241100x80000000000000006957517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0033dc3620ce55602022-01-05 10:01:47.475root 154100x80000000000000006957518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-6c8b-61d5-68e4-0862d3550000}23004/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000006957519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772687c28abdd1692022-01-05 10:01:47.475root 11241100x80000000000000006957520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281ad6edb7e7e74d2022-01-05 10:01:47.475root 11241100x80000000000000006957521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b6c1b506487aa42022-01-05 10:01:47.475root 11241100x80000000000000006957522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4451e9331c18b7262022-01-05 10:01:47.475root 11241100x80000000000000006957523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.476{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bfd46dd54de5172022-01-05 10:01:47.476root 11241100x80000000000000006957524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.476{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d812e85b64f2ca892022-01-05 10:01:47.476root 11241100x80000000000000006957525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.476{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ebbc59f539624f2022-01-05 10:01:47.476root 11241100x80000000000000006957526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.476{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfda3aa1ae2c0ef2022-01-05 10:01:47.476root 11241100x80000000000000006957527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.476{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1019c260340210f42022-01-05 10:01:47.476root 11241100x80000000000000006957528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.476{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa6daea08a8effa2022-01-05 10:01:47.476root 11241100x80000000000000006957529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.477{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb6928d00813f662022-01-05 10:01:47.477root 11241100x80000000000000006957530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.477{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f15e89c0e590452022-01-05 10:01:47.477root 11241100x80000000000000006957531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.477{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9194b9e6254915ba2022-01-05 10:01:47.477root 11241100x80000000000000006957532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.477{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3432a47a5398630e2022-01-05 10:01:47.477root 11241100x80000000000000006957533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.478{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e27eab647da2ce2022-01-05 10:01:47.478root 11241100x80000000000000006957534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.478{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a94cde5678f1812022-01-05 10:01:47.478root 11241100x80000000000000006957535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.478{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45274bb9eaedd2482022-01-05 10:01:47.478root 11241100x80000000000000006957536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.478{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79dbf169a4e42042022-01-05 10:01:47.478root 11241100x80000000000000006957537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.479{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6af67cf8e062aab2022-01-05 10:01:47.479root 11241100x80000000000000006957538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.479{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7654c1961afe0ca52022-01-05 10:01:47.479root 11241100x80000000000000006957539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.479{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac6146de1363bd32022-01-05 10:01:47.479root 11241100x80000000000000006957540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.479{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d43983fc37f8aa42022-01-05 10:01:47.479root 11241100x80000000000000006957541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.480{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541ce9da90ec267b2022-01-05 10:01:47.480root 11241100x80000000000000006957542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.480{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9be3f17b1245b402022-01-05 10:01:47.480root 11241100x80000000000000006957543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.480{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494c2abdfcdb5b222022-01-05 10:01:47.480root 11241100x80000000000000006957544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.480{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378c90222281de0c2022-01-05 10:01:47.480root 11241100x80000000000000006957545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.480{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5785183ed7bd432022-01-05 10:01:47.480root 11241100x80000000000000006957546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.481{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79a44d8bfad70252022-01-05 10:01:47.481root 11241100x80000000000000006957547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.481{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d689657fe1d8652022-01-05 10:01:47.481root 11241100x80000000000000006957548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.481{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e86bd057fc9ad52022-01-05 10:01:47.481root 11241100x80000000000000006957549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.481{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559fa4465a47e2872022-01-05 10:01:47.481root 534500x80000000000000006957550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.493{ec2e79f3-6c8b-61d5-68e4-0862d3550000}23004/bin/psroot 354300x80000000000000006957551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.905{ec2e79f3-af4c-61d2-e0a7-320694550000}1083/usr/sbin/sshdroottcpfalsefalse47.253.45.0-47324-false10.0.1.25-22- 11241100x80000000000000006957552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.906{ec2e79f3-6c8b-61d5-0000-000000000000}23005/usr/sbin/sshd/proc/23005/oom_score_adj2022-01-05 10:01:47.906root 154100x80000000000000006957553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.906{ec2e79f3-6c8b-61d5-e007-50820b560000}23005/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1083--- 11241100x80000000000000006957554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.907{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff176c13e3ccf5222022-01-05 10:01:47.907root 11241100x80000000000000006957555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.907{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa54bdc5205610012022-01-05 10:01:47.907root 11241100x80000000000000006957556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.907{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f40fafc782fb3e62022-01-05 10:01:47.907root 11241100x80000000000000006957557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.907{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8e7881d577ef832022-01-05 10:01:47.907root 11241100x80000000000000006957558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.907{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf9d0e6366902b32022-01-05 10:01:47.907root 11241100x80000000000000006957559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.907{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5dc92205909baa2022-01-05 10:01:47.907root 11241100x80000000000000006957560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.907{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66519960dc51d1602022-01-05 10:01:47.907root 11241100x80000000000000006957561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93273310d7921baa2022-01-05 10:01:47.908root 11241100x80000000000000006957562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11dc472ccaf4caf2022-01-05 10:01:47.908root 11241100x80000000000000006957563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60927e9c0c983ee72022-01-05 10:01:47.908root 11241100x80000000000000006957564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1972481c74a0cd8a2022-01-05 10:01:47.908root 11241100x80000000000000006957565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c302231fea417b42022-01-05 10:01:47.908root 11241100x80000000000000006957566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704635f20d39a0392022-01-05 10:01:47.908root 11241100x80000000000000006957567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5da75edf9e06bc22022-01-05 10:01:47.908root 11241100x80000000000000006957568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26387b0a8757a2f2022-01-05 10:01:47.908root 11241100x80000000000000006957569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe68fc95427a10332022-01-05 10:01:47.908root 11241100x80000000000000006957570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbad9fc69c1f1be02022-01-05 10:01:47.908root 11241100x80000000000000006957571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0f9eab552a09ba2022-01-05 10:01:47.909root 11241100x80000000000000006957572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f822c24b43f46f542022-01-05 10:01:47.909root 11241100x80000000000000006957573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98322b49dc39ef42022-01-05 10:01:47.909root 11241100x80000000000000006957574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a726b95ea4884d92022-01-05 10:01:47.909root 11241100x80000000000000006957575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afdd3091076fd952022-01-05 10:01:47.909root 11241100x80000000000000006957576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69f2a810c55e1c42022-01-05 10:01:47.909root 11241100x80000000000000006957577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d17e4e51ebad542022-01-05 10:01:47.909root 11241100x80000000000000006957578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990cbb0357c1975e2022-01-05 10:01:47.909root 11241100x80000000000000006957579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b665f0e47e6f4982022-01-05 10:01:47.909root 11241100x80000000000000006957580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27a601b7f1c50822022-01-05 10:01:47.909root 11241100x80000000000000006957581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb03e25a31ed7ca2022-01-05 10:01:47.909root 11241100x80000000000000006957582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cb02bbe0c91c5c2022-01-05 10:01:47.910root 11241100x80000000000000006957583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa9dd13b908146b2022-01-05 10:01:47.910root 11241100x80000000000000006957584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fd22f1e72655462022-01-05 10:01:47.910root 11241100x80000000000000006957585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79906e3d648466e42022-01-05 10:01:47.910root 11241100x80000000000000006957586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e9a26827dac6562022-01-05 10:01:47.910root 11241100x80000000000000006957587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d9214fcff9f99a2022-01-05 10:01:47.910root 11241100x80000000000000006957588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af63b75cd44870792022-01-05 10:01:47.910root 11241100x80000000000000006957589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20113e1b91068bed2022-01-05 10:01:47.910root 11241100x80000000000000006957590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608e1aaf5d09c6c22022-01-05 10:01:47.910root 11241100x80000000000000006957591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ea94f06f4bf9c62022-01-05 10:01:47.910root 11241100x80000000000000006957592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.912{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d95c4ddefdc8f62022-01-05 10:01:47.912root 11241100x80000000000000006957593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.912{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a96fe9aea294de22022-01-05 10:01:47.912root 11241100x80000000000000006957594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.912{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21ca5d58151239c2022-01-05 10:01:47.912root 11241100x80000000000000006957595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.912{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95916bc86d4e223c2022-01-05 10:01:47.912root 11241100x80000000000000006957596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.912{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2fc0ab003a0ae12022-01-05 10:01:47.912root 11241100x80000000000000006957597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.913{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc501d4454a5da812022-01-05 10:01:47.913root 11241100x80000000000000006957598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.913{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c706f4b35ba892eb2022-01-05 10:01:47.913root 11241100x80000000000000006957599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.913{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274770865376a58d2022-01-05 10:01:47.913root 11241100x80000000000000006957600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.915{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0102978654dccd622022-01-05 10:01:47.915root 11241100x80000000000000006957601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.915{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edceb36d983645f42022-01-05 10:01:47.915root 11241100x80000000000000006957602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.915{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15226f2090365ec2022-01-05 10:01:47.915root 11241100x80000000000000006957603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.915{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd5f12ce93238da2022-01-05 10:01:47.915root 11241100x80000000000000006957604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.916{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ed74f9ebb02e862022-01-05 10:01:47.916root 11241100x80000000000000006957605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.916{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6366c1912f6dd3e2022-01-05 10:01:47.916root 11241100x80000000000000006957606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.916{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3978a11fb48af4392022-01-05 10:01:47.916root 11241100x80000000000000006957607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.916{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b4838ba6144f452022-01-05 10:01:47.916root 11241100x80000000000000006957608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.917{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3809fc957c60af4b2022-01-05 10:01:47.917root 11241100x80000000000000006957609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.917{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e36666a28986e1e2022-01-05 10:01:47.917root 11241100x80000000000000006957610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.917{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32e135e00380a6b2022-01-05 10:01:47.917root 11241100x80000000000000006957611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.917{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf1653c2d7618c52022-01-05 10:01:47.917root 11241100x80000000000000006957612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.917{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725f8c76979d65502022-01-05 10:01:47.917root 11241100x80000000000000006957613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.918{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d3c7bfd60e42122022-01-05 10:01:47.918root 11241100x80000000000000006957614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.918{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86811cdef48d1eef2022-01-05 10:01:47.918root 11241100x80000000000000006957615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.918{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcf9aaf1f90338e2022-01-05 10:01:47.918root 11241100x80000000000000006957616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.919{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c685e1015eaff72022-01-05 10:01:47.919root 11241100x80000000000000006957617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.919{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d0a1953e2215bb2022-01-05 10:01:47.919root 11241100x80000000000000006957618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.919{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6d9da5ae891a872022-01-05 10:01:47.919root 11241100x80000000000000006957619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.919{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb185eb05bc5cdb2022-01-05 10:01:47.919root 11241100x80000000000000006957620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.919{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b919f7ad05706d2022-01-05 10:01:47.919root 11241100x80000000000000006957621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.920{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98f3a6a5d1d950c2022-01-05 10:01:47.920root 11241100x80000000000000006957622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.920{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cdc92da857a1fd2022-01-05 10:01:47.920root 11241100x80000000000000006957623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.920{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19eaf1fb266ad2bb2022-01-05 10:01:47.920root 11241100x80000000000000006957624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.920{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d12cc3dd66acec2022-01-05 10:01:47.920root 11241100x80000000000000006957625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.921{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6830c7f340c1064a2022-01-05 10:01:47.921root 11241100x80000000000000006957626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.921{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad5deb8cdb56a682022-01-05 10:01:47.921root 11241100x80000000000000006957627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.921{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236c29957d2c1a852022-01-05 10:01:47.921root 11241100x80000000000000006957628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.923{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b315a2530f8213d2022-01-05 10:01:47.923root 11241100x80000000000000006957629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.923{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee52d1329bd9d202022-01-05 10:01:47.923root 11241100x80000000000000006957630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.923{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e73e5d42c768c0f2022-01-05 10:01:47.923root 11241100x80000000000000006957631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.923{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f68d76638ba90ad2022-01-05 10:01:47.923root 11241100x80000000000000006957632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.923{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae6f5fdb2941c372022-01-05 10:01:47.923root 11241100x80000000000000006957633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.923{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823f13a8c8a5b3c52022-01-05 10:01:47.923root 11241100x80000000000000006957634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.925{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c75889c1053dcc2022-01-05 10:01:47.925root 11241100x80000000000000006957635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.925{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33acc193475bac52022-01-05 10:01:47.925root 11241100x80000000000000006957636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.925{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c55d16a234559e2022-01-05 10:01:47.925root 11241100x80000000000000006957637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.925{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b343c958d1f8a0d02022-01-05 10:01:47.925root 11241100x80000000000000006957638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.925{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308e52a87fa334e82022-01-05 10:01:47.925root 11241100x80000000000000006957639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.926{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab60fcbaf8f0a6f12022-01-05 10:01:47.926root 11241100x80000000000000006957640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.926{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f1d7163a90014d2022-01-05 10:01:47.926root 11241100x80000000000000006957641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.926{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80951833ff7edeb72022-01-05 10:01:47.926root 11241100x80000000000000006957642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.927{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eea44379cc92e692022-01-05 10:01:47.927root 11241100x80000000000000006957643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.927{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abbb3ed07c5e7e12022-01-05 10:01:47.927root 11241100x80000000000000006957644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d3732790d775f12022-01-05 10:01:48.209root 11241100x80000000000000006957645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cec88aae9808af82022-01-05 10:01:48.209root 11241100x80000000000000006957646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243ee87b17678ea72022-01-05 10:01:48.209root 11241100x80000000000000006957647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdd9f571c5f6e5e2022-01-05 10:01:48.209root 11241100x80000000000000006957648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdaf661355304912022-01-05 10:01:48.209root 11241100x80000000000000006957649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74e736ee93237d02022-01-05 10:01:48.210root 11241100x80000000000000006957650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a88d205eedcaa282022-01-05 10:01:48.210root 11241100x80000000000000006957651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e3456e0191ab2e2022-01-05 10:01:48.210root 11241100x80000000000000006957652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fe96821ce57b642022-01-05 10:01:48.210root 11241100x80000000000000006957653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac04c31f78023122022-01-05 10:01:48.210root 11241100x80000000000000006957654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8940b83d182a662022-01-05 10:01:48.211root 11241100x80000000000000006957655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7014db2cbe69ff302022-01-05 10:01:48.211root 11241100x80000000000000006957656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb790392d1d095b22022-01-05 10:01:48.211root 11241100x80000000000000006957657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfff164e61ad9e072022-01-05 10:01:48.211root 11241100x80000000000000006957658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054db367370fb0b52022-01-05 10:01:48.211root 11241100x80000000000000006957659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9694f9d20ed86d02022-01-05 10:01:48.211root 11241100x80000000000000006957660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfa7bfaf35380a62022-01-05 10:01:48.211root 11241100x80000000000000006957661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d6d270d0e188022022-01-05 10:01:48.211root 11241100x80000000000000006957662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7f47e17eab7ddb2022-01-05 10:01:48.212root 11241100x80000000000000006957663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d372fbf44fa4c59f2022-01-05 10:01:48.212root 11241100x80000000000000006957664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5f5ac6b26e52092022-01-05 10:01:48.212root 11241100x80000000000000006957665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c937e9fc090d472022-01-05 10:01:48.212root 11241100x80000000000000006957666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cab69b60c4602a82022-01-05 10:01:48.212root 11241100x80000000000000006957667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef16ade62dc791c2022-01-05 10:01:48.213root 11241100x80000000000000006957668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafe7557ccbeaee92022-01-05 10:01:48.213root 11241100x80000000000000006957669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8af939429295002022-01-05 10:01:48.213root 11241100x80000000000000006957670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b28e4e6106dcab2022-01-05 10:01:48.213root 11241100x80000000000000006957671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb0fd6bcf085b442022-01-05 10:01:48.213root 11241100x80000000000000006957672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fbf04024fbf4452022-01-05 10:01:48.213root 11241100x80000000000000006957673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc5ff265973b1c72022-01-05 10:01:48.213root 11241100x80000000000000006957674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326c1a0c33b3b7672022-01-05 10:01:48.213root 11241100x80000000000000006957675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896462ba0558acd12022-01-05 10:01:48.213root 11241100x80000000000000006957676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43763b3290137412022-01-05 10:01:48.214root 11241100x80000000000000006957677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c457ee6d12856b472022-01-05 10:01:48.214root 11241100x80000000000000006957678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1740a6afcf3bf02a2022-01-05 10:01:48.214root 11241100x80000000000000006957679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acce788436de544d2022-01-05 10:01:48.214root 11241100x80000000000000006957680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8bb1c7699574ff2022-01-05 10:01:48.214root 11241100x80000000000000006957681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c4b69d425bd1e82022-01-05 10:01:48.215root 11241100x80000000000000006957682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ad36f540af2d762022-01-05 10:01:48.215root 11241100x80000000000000006957683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caff09cf9f754e892022-01-05 10:01:48.215root 11241100x80000000000000006957684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f261375990f65182022-01-05 10:01:48.215root 11241100x80000000000000006957685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5040e2ed3a5479ae2022-01-05 10:01:48.215root 11241100x80000000000000006957686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905637fe4107751d2022-01-05 10:01:48.215root 11241100x80000000000000006957687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7a1df352fcc8f92022-01-05 10:01:48.215root 11241100x80000000000000006957688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca9a85759700b0d2022-01-05 10:01:48.215root 11241100x80000000000000006957689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e8b7ca0a1e3a8f2022-01-05 10:01:48.216root 11241100x80000000000000006957690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527be9c70f428b542022-01-05 10:01:48.216root 11241100x80000000000000006957691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7676dd7f619585f62022-01-05 10:01:48.216root 11241100x80000000000000006957692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5418b822301d9f2022-01-05 10:01:48.216root 11241100x80000000000000006957693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2968c9dbc47be582022-01-05 10:01:48.216root 11241100x80000000000000006957694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962bce5887da7a732022-01-05 10:01:48.216root 11241100x80000000000000006957695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf16acd2260bf712022-01-05 10:01:48.216root 11241100x80000000000000006957696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53c55b3a1e886302022-01-05 10:01:48.216root 11241100x80000000000000006957697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0842573a118d87412022-01-05 10:01:48.216root 11241100x80000000000000006957698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd29a59bed2ba28c2022-01-05 10:01:48.217root 11241100x80000000000000006957699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0291ead7003b8b322022-01-05 10:01:48.217root 11241100x80000000000000006957700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f2adffa955ece32022-01-05 10:01:48.217root 11241100x80000000000000006957701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec594c0b9a9213bd2022-01-05 10:01:48.217root 11241100x80000000000000006957702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c926d257adaba9cd2022-01-05 10:01:48.217root 11241100x80000000000000006957703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749b39bf6cfa8ebd2022-01-05 10:01:48.217root 11241100x80000000000000006957704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b925352e42e55c2022-01-05 10:01:48.217root 11241100x80000000000000006957705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d105316b080a4a2022-01-05 10:01:48.217root 11241100x80000000000000006957706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38706e6b7d0f97482022-01-05 10:01:48.217root 11241100x80000000000000006957707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ee3c95e07b3b652022-01-05 10:01:48.218root 11241100x80000000000000006957708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eac2843c71d410b2022-01-05 10:01:48.218root 11241100x80000000000000006957709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b56e02141aa79a42022-01-05 10:01:48.218root 11241100x80000000000000006957710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9415af9aebaef72022-01-05 10:01:48.218root 11241100x80000000000000006957711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd16b30031bb1ba2022-01-05 10:01:48.218root 11241100x80000000000000006957712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d82a472902a11de2022-01-05 10:01:48.219root 11241100x80000000000000006957713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eafed1127e9e192022-01-05 10:01:48.219root 11241100x80000000000000006957714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdce1d43ae757da32022-01-05 10:01:48.219root 11241100x80000000000000006957715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76adaaf28ba5b7d2022-01-05 10:01:48.219root 11241100x80000000000000006957716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824a26c676d4a9252022-01-05 10:01:48.219root 11241100x80000000000000006957717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1088e802dd4aff972022-01-05 10:01:48.710root 11241100x80000000000000006957718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139399af9e96e7112022-01-05 10:01:48.710root 11241100x80000000000000006957719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ef23da5d569c292022-01-05 10:01:48.710root 11241100x80000000000000006957720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2c623de80b7d422022-01-05 10:01:48.710root 11241100x80000000000000006957721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f28f5e2b6b73fd22022-01-05 10:01:48.710root 11241100x80000000000000006957722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2778dab74823792022-01-05 10:01:48.710root 11241100x80000000000000006957723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8b7636d8cc38bc2022-01-05 10:01:48.710root 11241100x80000000000000006957724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fd01205cd6a5642022-01-05 10:01:48.711root 11241100x80000000000000006957725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f64adba81a10f32022-01-05 10:01:48.711root 11241100x80000000000000006957726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165d152f86c1f2fe2022-01-05 10:01:48.711root 11241100x80000000000000006957727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e45653fab4febb2022-01-05 10:01:48.711root 11241100x80000000000000006957728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aa9155f1f1678c2022-01-05 10:01:48.711root 11241100x80000000000000006957729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74a23f7be4b28f52022-01-05 10:01:48.711root 11241100x80000000000000006957730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd2b9f58578d02b2022-01-05 10:01:48.711root 11241100x80000000000000006957731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6593297a3ce0642022-01-05 10:01:48.711root 11241100x80000000000000006957732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da2195c102f9d0e2022-01-05 10:01:48.711root 11241100x80000000000000006957733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0306360be2822a412022-01-05 10:01:48.711root 11241100x80000000000000006957734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d92255bceec30af2022-01-05 10:01:48.712root 11241100x80000000000000006957735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279b6ac9b01d55ec2022-01-05 10:01:48.712root 11241100x80000000000000006957736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77273e247529fc822022-01-05 10:01:48.712root 11241100x80000000000000006957737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e92782f71afe8ec2022-01-05 10:01:48.712root 11241100x80000000000000006957738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ce4e05b8adf5002022-01-05 10:01:48.712root 11241100x80000000000000006957739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5b1b487be0f1d12022-01-05 10:01:48.712root 11241100x80000000000000006957740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a482b8be377c575c2022-01-05 10:01:48.713root 11241100x80000000000000006957741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9da2f063d9033292022-01-05 10:01:48.713root 11241100x80000000000000006957742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d82cc6633869632022-01-05 10:01:48.713root 11241100x80000000000000006957743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4c29b41ed57f812022-01-05 10:01:48.713root 11241100x80000000000000006957744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388c6b2b69493e822022-01-05 10:01:48.713root 11241100x80000000000000006957745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f963e889b52beb2022-01-05 10:01:48.714root 11241100x80000000000000006957746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515820045f2315d32022-01-05 10:01:48.714root 11241100x80000000000000006957747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74a86c46f5ed8f12022-01-05 10:01:48.714root 11241100x80000000000000006957748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcd4f81091bc88d2022-01-05 10:01:48.714root 11241100x80000000000000006957749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e255bc81f5ac2b9c2022-01-05 10:01:48.714root 11241100x80000000000000006957750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6105a96edffc81b32022-01-05 10:01:48.714root 11241100x80000000000000006957751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a834cc5d4fc9eb3d2022-01-05 10:01:48.714root 11241100x80000000000000006957752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eba0d5f9c5f57d2022-01-05 10:01:48.715root 11241100x80000000000000006957753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5e23233a802e352022-01-05 10:01:48.715root 11241100x80000000000000006957754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1f9064ccff9e202022-01-05 10:01:48.715root 11241100x80000000000000006957755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf0c2de217a47262022-01-05 10:01:48.715root 11241100x80000000000000006957756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54cae5a5347e0a62022-01-05 10:01:48.715root 11241100x80000000000000006957757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3569cb5c2b6279a22022-01-05 10:01:48.715root 11241100x80000000000000006957758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1c42288900a0562022-01-05 10:01:48.715root 11241100x80000000000000006957759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6a11171beebd022022-01-05 10:01:48.716root 11241100x80000000000000006957760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e81a456215dc5a2022-01-05 10:01:48.716root 11241100x80000000000000006957761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb69998cb13457892022-01-05 10:01:48.716root 11241100x80000000000000006957762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cd80d7d4648b3c2022-01-05 10:01:48.716root 11241100x80000000000000006957763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b0006037caa1022022-01-05 10:01:48.716root 11241100x80000000000000006957764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93284e82b29891392022-01-05 10:01:48.716root 11241100x80000000000000006957765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40055b340bf1b5792022-01-05 10:01:49.209root 11241100x80000000000000006957766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b7c7bd75ee43242022-01-05 10:01:49.209root 11241100x80000000000000006957767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825be8ac5f2f9c5f2022-01-05 10:01:49.209root 11241100x80000000000000006957768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6101dfd7a79e4a382022-01-05 10:01:49.209root 11241100x80000000000000006957769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a929032dc99d1fa2022-01-05 10:01:49.209root 11241100x80000000000000006957770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7999837b9dfc48e52022-01-05 10:01:49.210root 11241100x80000000000000006957771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c576ac8877111a2022-01-05 10:01:49.210root 11241100x80000000000000006957772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab2bee178ac5a892022-01-05 10:01:49.210root 11241100x80000000000000006957773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfd2c17931add8b2022-01-05 10:01:49.210root 11241100x80000000000000006957774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e2ccedb8f8c7a62022-01-05 10:01:49.210root 11241100x80000000000000006957775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9827c4d3229648752022-01-05 10:01:49.210root 11241100x80000000000000006957776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f058be2724f18c2022-01-05 10:01:49.211root 11241100x80000000000000006957777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da907e085bdd8a2e2022-01-05 10:01:49.211root 11241100x80000000000000006957778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f262f76968e47db2022-01-05 10:01:49.211root 11241100x80000000000000006957779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678ffeed47e4945f2022-01-05 10:01:49.211root 11241100x80000000000000006957780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2e0fcb16212eab2022-01-05 10:01:49.211root 11241100x80000000000000006957781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5639ef2f9b354d32022-01-05 10:01:49.211root 11241100x80000000000000006957782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f358a65b247dfd32022-01-05 10:01:49.211root 11241100x80000000000000006957783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec181300d5538fce2022-01-05 10:01:49.211root 11241100x80000000000000006957784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeef22408032c9b42022-01-05 10:01:49.211root 11241100x80000000000000006957785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6986628f68b953b02022-01-05 10:01:49.211root 11241100x80000000000000006957786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aefd7bebc614b1c2022-01-05 10:01:49.212root 11241100x80000000000000006957787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b631649b68e07152022-01-05 10:01:49.212root 11241100x80000000000000006957788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ea79621010b8892022-01-05 10:01:49.212root 11241100x80000000000000006957789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09cbe2bf29db94e2022-01-05 10:01:49.212root 11241100x80000000000000006957790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364e0b6f0b25a01a2022-01-05 10:01:49.212root 11241100x80000000000000006957791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e26ffdd4f4c2ca2022-01-05 10:01:49.212root 11241100x80000000000000006957792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aebbca86bab7c52022-01-05 10:01:49.212root 11241100x80000000000000006957793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8122145a7610d22022-01-05 10:01:49.212root 11241100x80000000000000006957794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45cb18f24e3f1fa2022-01-05 10:01:49.212root 11241100x80000000000000006957795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e581f35f36e98db42022-01-05 10:01:49.212root 11241100x80000000000000006957796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d45c5f1fec770502022-01-05 10:01:49.213root 11241100x80000000000000006957797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9ade55406061882022-01-05 10:01:49.213root 11241100x80000000000000006957798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c45a49f4f1a366d2022-01-05 10:01:49.213root 11241100x80000000000000006957799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129fc5288fded1482022-01-05 10:01:49.213root 11241100x80000000000000006957800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6773e8f719360a842022-01-05 10:01:49.213root 11241100x80000000000000006957801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4074ac04399301f2022-01-05 10:01:49.213root 11241100x80000000000000006957802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d832352d66030b72022-01-05 10:01:49.213root 11241100x80000000000000006957803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9b752e29dd350a2022-01-05 10:01:49.213root 11241100x80000000000000006957804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabe8ffd7a153ee02022-01-05 10:01:49.213root 11241100x80000000000000006957805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563a878f06c17c102022-01-05 10:01:49.213root 11241100x80000000000000006957806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12138354abe6b0d2022-01-05 10:01:49.214root 11241100x80000000000000006957807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667d4cbe4ee51e6a2022-01-05 10:01:49.214root 11241100x80000000000000006957808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c0aafc4fa8e2662022-01-05 10:01:49.214root 11241100x80000000000000006957809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11df1718a8e4c1d2022-01-05 10:01:49.214root 11241100x80000000000000006957810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddc40f1c08eaf9f2022-01-05 10:01:49.214root 11241100x80000000000000006957811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c7415de96213df2022-01-05 10:01:49.214root 11241100x80000000000000006957812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3a694918119cfb2022-01-05 10:01:49.215root 11241100x80000000000000006957813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354a0b37df61dc552022-01-05 10:01:49.215root 11241100x80000000000000006957814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c8bff53614ec5c2022-01-05 10:01:49.215root 11241100x80000000000000006957815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79fb1766194eb0d2022-01-05 10:01:49.215root 11241100x80000000000000006957816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91386a3f2961b742022-01-05 10:01:49.215root 11241100x80000000000000006957817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcb1a1a844c72672022-01-05 10:01:49.215root 11241100x80000000000000006957818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9745f908a3bebf2022-01-05 10:01:49.215root 11241100x80000000000000006957819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9812f08678243f2022-01-05 10:01:49.216root 11241100x80000000000000006957820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b120fd681fc8a9912022-01-05 10:01:49.216root 11241100x80000000000000006957821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd59c6c9a0aaa5332022-01-05 10:01:49.216root 11241100x80000000000000006957822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f908fa406ffad8d2022-01-05 10:01:49.216root 11241100x80000000000000006957823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e49109ded669382022-01-05 10:01:49.216root 11241100x80000000000000006957824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ae19cd655af13a2022-01-05 10:01:49.217root 11241100x80000000000000006957825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f46e2435532a5b2022-01-05 10:01:49.217root 11241100x80000000000000006957826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679c0b56758414932022-01-05 10:01:49.709root 11241100x80000000000000006957827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a669fe3c5dfbf52022-01-05 10:01:49.709root 11241100x80000000000000006957828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2dae60445694ad2022-01-05 10:01:49.710root 11241100x80000000000000006957829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220badae04bee1a82022-01-05 10:01:49.710root 11241100x80000000000000006957830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11940c515065be912022-01-05 10:01:49.710root 11241100x80000000000000006957831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f79e342a0627f62022-01-05 10:01:49.710root 11241100x80000000000000006957832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9418ed8dd9c077812022-01-05 10:01:49.710root 11241100x80000000000000006957833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecbe110a9344c762022-01-05 10:01:49.710root 11241100x80000000000000006957834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4b9608342a195a2022-01-05 10:01:49.710root 11241100x80000000000000006957835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01092c80f9125d932022-01-05 10:01:49.710root 11241100x80000000000000006957836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9a28a970f8a1d02022-01-05 10:01:49.710root 11241100x80000000000000006957837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fe241073330f332022-01-05 10:01:49.710root 11241100x80000000000000006957838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a4ad36cb12e90b2022-01-05 10:01:49.711root 11241100x80000000000000006957839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1024ceb0a4e6d582022-01-05 10:01:49.711root 11241100x80000000000000006957840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a3db7a3561b1a32022-01-05 10:01:49.711root 11241100x80000000000000006957841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664bc44827c909fa2022-01-05 10:01:49.711root 11241100x80000000000000006957842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca52876c8075df742022-01-05 10:01:49.711root 11241100x80000000000000006957843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30b3887f6a5747b2022-01-05 10:01:49.711root 11241100x80000000000000006957844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6359fd96ab4b861f2022-01-05 10:01:49.711root 11241100x80000000000000006957845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ce1e1da24948c12022-01-05 10:01:49.711root 11241100x80000000000000006957846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079ef01010bc58a62022-01-05 10:01:49.712root 11241100x80000000000000006957847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a1e97b7abb6ff72022-01-05 10:01:49.712root 11241100x80000000000000006957848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081d71388dece66e2022-01-05 10:01:49.712root 11241100x80000000000000006957849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c242a6f86a20dc8c2022-01-05 10:01:49.712root 11241100x80000000000000006957850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbba2948437618d32022-01-05 10:01:49.712root 534500x80000000000000006957900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.066{ec2e79f3-6c8b-61d5-0000-000000000000}23006-sshd 534500x80000000000000006957901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.067{ec2e79f3-6c8b-61d5-e007-50820b560000}23005/usr/sbin/sshdroot 354300x80000000000000006957902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.111{ec2e79f3-af4c-61d2-e0a7-320694550000}1083/usr/sbin/sshdroottcpfalsefalse47.253.45.0-48192-false10.0.1.25-22- 11241100x80000000000000006957903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.111{ec2e79f3-6c96-61d5-e0a7-320694550000}23007/usr/sbin/sshd/proc/23007/oom_score_adj2022-01-05 10:01:58.111root 154100x80000000000000006957904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.111{ec2e79f3-6c96-61d5-e077-9455f5550000}23007/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1083--- 534500x80000000000000006957905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.303{ec2e79f3-6c96-61d5-0000-000000000000}23008-sshd 534500x80000000000000006957906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.303{ec2e79f3-6c96-61d5-e077-9455f5550000}23007/usr/sbin/sshdroot 11241100x80000000000000006957907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7b8f513919947b2022-01-05 10:01:58.459root 11241100x80000000000000006957908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68377c97b44608102022-01-05 10:01:58.459root 11241100x80000000000000006957909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c650524a0a38862022-01-05 10:01:58.459root 11241100x80000000000000006957910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563a36b3a7c46f812022-01-05 10:01:58.459root 11241100x80000000000000006957911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca4dc8a041060b32022-01-05 10:01:58.459root 11241100x80000000000000006957912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75892e2427664aab2022-01-05 10:01:58.460root 11241100x80000000000000006957913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391dbea7251865b42022-01-05 10:01:58.460root 11241100x80000000000000006957914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9970344f2b0bbf2022-01-05 10:01:58.960root 11241100x80000000000000006957915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36360125f3cbc7f2022-01-05 10:01:58.960root 11241100x80000000000000006957916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a688ff272edb0e2022-01-05 10:01:58.960root 11241100x80000000000000006957917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01f8380e8a1fb2b2022-01-05 10:01:58.960root 11241100x80000000000000006957918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18a1705c2c370b82022-01-05 10:01:58.960root 11241100x80000000000000006957919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b566e622fdef3e462022-01-05 10:01:58.961root 11241100x80000000000000006957920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf96b86577b59052022-01-05 10:01:58.961root 11241100x80000000000000006957921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 10:01:59.221root 11241100x80000000000000006957922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4cc7fef8a9b7f52022-01-05 10:01:59.222root 11241100x80000000000000006957923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba6760dd69f9df22022-01-05 10:01:59.222root 11241100x80000000000000006957924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751dbf7a54d0eac02022-01-05 10:01:59.223root 11241100x80000000000000006957925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20f1851f87e33c62022-01-05 10:01:59.223root 11241100x80000000000000006957926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0d58f628c439942022-01-05 10:01:59.223root 11241100x80000000000000006957927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8dc3983926eaeb2022-01-05 10:01:59.223root 11241100x80000000000000006957928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ea2e80ec32404b2022-01-05 10:01:59.223root 11241100x80000000000000006957929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15137408925593f92022-01-05 10:01:59.223root 11241100x80000000000000006957930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b45c021f2ba2f482022-01-05 10:01:59.709root 11241100x80000000000000006957931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001fc7fdfa11d47e2022-01-05 10:01:59.709root 11241100x80000000000000006957932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42df8f8f61c2ad62022-01-05 10:01:59.709root 11241100x80000000000000006957933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3260ead670494d2022-01-05 10:01:59.710root 11241100x80000000000000006957934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0379c260d1438f552022-01-05 10:01:59.710root 11241100x80000000000000006957935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f38dae0f7e337a22022-01-05 10:01:59.710root 11241100x80000000000000006957936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef80985c7592f8c2022-01-05 10:01:59.710root 11241100x80000000000000006957937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dba944cc03d1902022-01-05 10:01:59.710root 11241100x80000000000000006957938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421547c28521d9e32022-01-05 10:02:00.209root 11241100x80000000000000006957939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5714b3e414649ac42022-01-05 10:02:00.209root 11241100x80000000000000006957940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ace43c110422c4c2022-01-05 10:02:00.209root 11241100x80000000000000006957941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8281cf28006694922022-01-05 10:02:00.209root 11241100x80000000000000006957942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcba3c06e83b65c2022-01-05 10:02:00.209root 11241100x80000000000000006957943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30286189b2493b6a2022-01-05 10:02:00.210root 11241100x80000000000000006957944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c98d20f1a41be42022-01-05 10:02:00.210root 11241100x80000000000000006957945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60833d4f40a08b12022-01-05 10:02:00.210root 11241100x80000000000000006957946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d552b468253b3e5b2022-01-05 10:02:00.709root 11241100x80000000000000006957947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa62a4a2e53503ec2022-01-05 10:02:00.709root 11241100x80000000000000006957948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5aa0bf5bb81d8e2022-01-05 10:02:00.709root 11241100x80000000000000006957949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c9f75a99c153702022-01-05 10:02:00.709root 11241100x80000000000000006957950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df73832aa264c5942022-01-05 10:02:00.710root 11241100x80000000000000006957951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b283b2b683895e412022-01-05 10:02:00.710root 11241100x80000000000000006957952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3e0b1704c89be72022-01-05 10:02:00.710root 11241100x80000000000000006957953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc48fa9db739ab82022-01-05 10:02:00.710root 354300x80000000000000006957954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.080{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41698-false10.0.1.12-8000- 11241100x80000000000000006957955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.080{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6083e7344c04bb02022-01-05 10:02:01.080root 11241100x80000000000000006957956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5f26101ec67c4d2022-01-05 10:02:01.081root 11241100x80000000000000006957957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d283cd5140e512432022-01-05 10:02:01.081root 11241100x80000000000000006957958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f03819d4dec6ff2022-01-05 10:02:01.081root 11241100x80000000000000006957959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7f8448ef8eb14c2022-01-05 10:02:01.081root 11241100x80000000000000006957960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fde84ed292372f32022-01-05 10:02:01.081root 11241100x80000000000000006957961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f5c46b380551c92022-01-05 10:02:01.081root 11241100x80000000000000006957962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a79e6a4ca5ecc2a2022-01-05 10:02:01.081root 11241100x80000000000000006957963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1830b222677576e22022-01-05 10:02:01.082root 11241100x80000000000000006957964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49713802020806282022-01-05 10:02:01.082root 11241100x80000000000000006957965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f40e6d2b14df5772022-01-05 10:02:01.082root 11241100x80000000000000006957966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bb946ec8f5be912022-01-05 10:02:01.082root 11241100x80000000000000006957967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9a5fe81def20342022-01-05 10:02:01.082root 11241100x80000000000000006957968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620299ed294e48892022-01-05 10:02:01.082root 11241100x80000000000000006957969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42969163cb692bd22022-01-05 10:02:01.459root 11241100x80000000000000006957970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9cc3ed1f52d2592022-01-05 10:02:01.459root 11241100x80000000000000006957971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1be5a44a01982d12022-01-05 10:02:01.459root 11241100x80000000000000006957972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda4bcaad2e9626a2022-01-05 10:02:01.460root 11241100x80000000000000006957973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e693241ff759112022-01-05 10:02:01.460root 11241100x80000000000000006957974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093d4a65743588d62022-01-05 10:02:01.460root 11241100x80000000000000006957975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e274251a83a518f2022-01-05 10:02:01.460root 11241100x80000000000000006957976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e521520e25c43cc2022-01-05 10:02:01.460root 11241100x80000000000000006957977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1f64d52bcd559c2022-01-05 10:02:01.460root 11241100x80000000000000006957978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd1b515550251782022-01-05 10:02:01.959root 11241100x80000000000000006957979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6501a0bf1febe83c2022-01-05 10:02:01.959root 11241100x80000000000000006957980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdd23db096931472022-01-05 10:02:01.959root 11241100x80000000000000006957981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5c43f1e6fc87fc2022-01-05 10:02:01.959root 11241100x80000000000000006957982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc45c3638d8519be2022-01-05 10:02:01.959root 11241100x80000000000000006957983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f280e02887f5047d2022-01-05 10:02:01.960root 11241100x80000000000000006957984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac5e8579b83c91c2022-01-05 10:02:01.960root 11241100x80000000000000006957985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f88a03426364a972022-01-05 10:02:01.960root 11241100x80000000000000006957986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4468fef4faa295da2022-01-05 10:02:01.960root 23542300x80000000000000006957987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.223{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006957988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbf1ceaf98e20332022-01-05 10:02:02.224root 11241100x80000000000000006957989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6217c7437bc89f2022-01-05 10:02:02.224root 11241100x80000000000000006957990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf1fb280956af652022-01-05 10:02:02.224root 11241100x80000000000000006957991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c081ceb55da751152022-01-05 10:02:02.224root 11241100x80000000000000006957992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eadf203debbca52022-01-05 10:02:02.224root 11241100x80000000000000006957993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31a2109e0f8abf02022-01-05 10:02:02.224root 11241100x80000000000000006957994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f461310fd4a2122022-01-05 10:02:02.224root 11241100x80000000000000006957995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b6c9487eeff58d2022-01-05 10:02:02.224root 11241100x80000000000000006957996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555157a7204a94ec2022-01-05 10:02:02.224root 11241100x80000000000000006957997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128bc2b176b220b82022-01-05 10:02:02.224root 11241100x80000000000000006957998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d460cee500e056b2022-01-05 10:02:02.709root 11241100x80000000000000006957999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25598b77dffb71522022-01-05 10:02:02.709root 11241100x80000000000000006958000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4d057fcf50c3932022-01-05 10:02:02.709root 11241100x80000000000000006958001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a63130050766c6d2022-01-05 10:02:02.709root 11241100x80000000000000006958002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7354899e9839e272022-01-05 10:02:02.710root 11241100x80000000000000006958003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b45c17faccdf5442022-01-05 10:02:02.710root 11241100x80000000000000006958004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6aa8ac3b093e0e2022-01-05 10:02:02.710root 11241100x80000000000000006958005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4edca8bccf03b42022-01-05 10:02:02.710root 11241100x80000000000000006958006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1491da402ff2af22022-01-05 10:02:02.710root 11241100x80000000000000006958007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10506e8fea06abb12022-01-05 10:02:02.710root 11241100x80000000000000006958008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2007e7098097faf32022-01-05 10:02:03.209root 11241100x80000000000000006958009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f4fbfc67045dbc2022-01-05 10:02:03.210root 11241100x80000000000000006958010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9581b5c2c9049f952022-01-05 10:02:03.210root 11241100x80000000000000006958011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b8e1298ba8899d2022-01-05 10:02:03.210root 11241100x80000000000000006958012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42900308040e49c2022-01-05 10:02:03.210root 11241100x80000000000000006958013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5dc109b3235bb22022-01-05 10:02:03.210root 11241100x80000000000000006958014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6308cc4255ab6d692022-01-05 10:02:03.210root 11241100x80000000000000006958015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59b499bd6fe8f4f2022-01-05 10:02:03.210root 11241100x80000000000000006958016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027fc11c4e80a0d32022-01-05 10:02:03.210root 11241100x80000000000000006958017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec1fc129f1f59782022-01-05 10:02:03.210root 11241100x80000000000000006958018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9893217fe0b036502022-01-05 10:02:03.709root 11241100x80000000000000006958019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade6ac3ce292f33b2022-01-05 10:02:03.710root 11241100x80000000000000006958020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32be2207e294bec2022-01-05 10:02:03.710root 11241100x80000000000000006958021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636a021247be540a2022-01-05 10:02:03.710root 11241100x80000000000000006958022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9c84dff6ac33972022-01-05 10:02:03.710root 11241100x80000000000000006958023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4ac4623d4f332e2022-01-05 10:02:03.710root 11241100x80000000000000006958024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8516d0f523b855c2022-01-05 10:02:03.710root 11241100x80000000000000006958025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff258638bc16cde02022-01-05 10:02:03.711root 11241100x80000000000000006958026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d22afeb5e45f3cf2022-01-05 10:02:03.711root 11241100x80000000000000006958027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a10b6694d5d9d52022-01-05 10:02:03.711root 11241100x80000000000000006958028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a701e296469629712022-01-05 10:02:04.209root 11241100x80000000000000006958029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6259fd1b6df24052022-01-05 10:02:04.210root 11241100x80000000000000006958030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7573d6310e1647a32022-01-05 10:02:04.210root 11241100x80000000000000006958031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794b9e5233e284002022-01-05 10:02:04.210root 11241100x80000000000000006958032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b93741b13adcce62022-01-05 10:02:04.210root 11241100x80000000000000006958033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab91552942450aea2022-01-05 10:02:04.210root 11241100x80000000000000006958034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642ff81d4a2660be2022-01-05 10:02:04.210root 11241100x80000000000000006958035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e0a798293aa6c32022-01-05 10:02:04.210root 11241100x80000000000000006958036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095494094d4bf1b62022-01-05 10:02:04.211root 11241100x80000000000000006958037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3048aff60f736ed82022-01-05 10:02:04.211root 11241100x80000000000000006958038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7662101988d2a0dc2022-01-05 10:02:04.709root 11241100x80000000000000006958039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f71b48875f5c942022-01-05 10:02:04.710root 11241100x80000000000000006958040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b6f65dd70547412022-01-05 10:02:04.710root 11241100x80000000000000006958041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8330275427a5853d2022-01-05 10:02:04.710root 11241100x80000000000000006958042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70890a8a30bd04632022-01-05 10:02:04.710root 11241100x80000000000000006958043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237f60493c6e66752022-01-05 10:02:04.710root 11241100x80000000000000006958044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c6ba8d458bd5222022-01-05 10:02:04.711root 11241100x80000000000000006958045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474efc581e2284892022-01-05 10:02:04.711root 11241100x80000000000000006958046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f30ca554e8b46602022-01-05 10:02:04.711root 11241100x80000000000000006958047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25a5eb01dbfcb6b2022-01-05 10:02:04.711root 11241100x80000000000000006958048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b800cfc2a1bad33d2022-01-05 10:02:05.209root 11241100x80000000000000006958049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f5f4a9527854e22022-01-05 10:02:05.210root 11241100x80000000000000006958050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8238acb1b81338802022-01-05 10:02:05.210root 11241100x80000000000000006958051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2343badfb4329b032022-01-05 10:02:05.210root 11241100x80000000000000006958052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbb735903b2bc6c2022-01-05 10:02:05.210root 11241100x80000000000000006958053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed285a5e4db92f12022-01-05 10:02:05.210root 11241100x80000000000000006958054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b7154ee7931d842022-01-05 10:02:05.210root 11241100x80000000000000006958055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78187194799ce2bc2022-01-05 10:02:05.211root 11241100x80000000000000006958056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425616cd332b4ac82022-01-05 10:02:05.211root 11241100x80000000000000006958057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8880ed7c080d712022-01-05 10:02:05.211root 11241100x80000000000000006958058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238389f3d993f7ba2022-01-05 10:02:05.709root 11241100x80000000000000006958059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73200a363319ec602022-01-05 10:02:05.710root 11241100x80000000000000006958060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385187dd553490342022-01-05 10:02:05.710root 11241100x80000000000000006958061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78baffd26521afe12022-01-05 10:02:05.710root 11241100x80000000000000006958062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84e2388e408881c2022-01-05 10:02:05.710root 11241100x80000000000000006958063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f38acc9bda23532022-01-05 10:02:05.710root 11241100x80000000000000006958064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3728d9d3320d9452022-01-05 10:02:05.710root 11241100x80000000000000006958065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24236722fb0a15272022-01-05 10:02:05.711root 11241100x80000000000000006958066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a298a5b7179af592022-01-05 10:02:05.711root 11241100x80000000000000006958067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d1b8ea57c2f27d2022-01-05 10:02:05.711root 11241100x80000000000000006958068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b41d49e7d3bb3b2022-01-05 10:02:06.209root 11241100x80000000000000006958069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206b9642994ec05d2022-01-05 10:02:06.210root 11241100x80000000000000006958070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e39d84641a976082022-01-05 10:02:06.210root 11241100x80000000000000006958071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691e1af5dcfecebf2022-01-05 10:02:06.210root 11241100x80000000000000006958072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bdc27eb6de4ff82022-01-05 10:02:06.210root 11241100x80000000000000006958073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff76c97329e9b962022-01-05 10:02:06.210root 11241100x80000000000000006958074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389cfd686a75a9d52022-01-05 10:02:06.210root 11241100x80000000000000006958075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1281c013b5a634d2022-01-05 10:02:06.211root 11241100x80000000000000006958076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7086c53b7a8247d2022-01-05 10:02:06.211root 11241100x80000000000000006958077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d792ded12aab5dad2022-01-05 10:02:06.211root 354300x80000000000000006958078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.224{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41700-false10.0.1.12-8000- 11241100x80000000000000006958079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73f6c22c8919d6e2022-01-05 10:02:06.709root 11241100x80000000000000006958080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b3206de1e7d5612022-01-05 10:02:06.710root 11241100x80000000000000006958081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bda3c1790f98b42022-01-05 10:02:06.710root 11241100x80000000000000006958082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413ecb5a02e17da22022-01-05 10:02:06.710root 11241100x80000000000000006958083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8d586d7836bebe2022-01-05 10:02:06.710root 11241100x80000000000000006958084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bf02a9f65c7a7b2022-01-05 10:02:06.710root 11241100x80000000000000006958085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefbcf568143e9882022-01-05 10:02:06.711root 11241100x80000000000000006958086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78198d53824307652022-01-05 10:02:06.711root 11241100x80000000000000006958087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc8d62b0d37ee4e2022-01-05 10:02:06.711root 11241100x80000000000000006958088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe78330cf177fdea2022-01-05 10:02:06.711root 11241100x80000000000000006958089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bbfddad92fdb1f2022-01-05 10:02:06.711root 11241100x80000000000000006958090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3af99ac7ffb5892022-01-05 10:02:07.209root 11241100x80000000000000006958091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc27f88fd468b2b12022-01-05 10:02:07.210root 11241100x80000000000000006958092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8afd6e7c6a13e42022-01-05 10:02:07.210root 11241100x80000000000000006958093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a57e2afe91d73af2022-01-05 10:02:07.210root 11241100x80000000000000006958094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab506fe1caaf3682022-01-05 10:02:07.210root 11241100x80000000000000006958095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9719e5ebff3fba012022-01-05 10:02:07.210root 11241100x80000000000000006958096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccbdb744f1abb632022-01-05 10:02:07.210root 11241100x80000000000000006958097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae22d273cebe16912022-01-05 10:02:07.211root 11241100x80000000000000006958098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e07b4f3248a0b72022-01-05 10:02:07.211root 11241100x80000000000000006958099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1e7ffae15561002022-01-05 10:02:07.211root 11241100x80000000000000006958100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8fb4a10b2354852022-01-05 10:02:07.211root 11241100x80000000000000006958101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb95eeda0eddc2b2022-01-05 10:02:07.709root 11241100x80000000000000006958102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96aa4860261226f2022-01-05 10:02:07.710root 11241100x80000000000000006958103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e3843cd9ce252b2022-01-05 10:02:07.710root 11241100x80000000000000006958104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ea8d74ddebc5782022-01-05 10:02:07.710root 11241100x80000000000000006958105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58e2d4a0ba828b02022-01-05 10:02:07.710root 11241100x80000000000000006958106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604510dbf41c2b132022-01-05 10:02:07.710root 11241100x80000000000000006958107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cb1cfe4ea7b82d2022-01-05 10:02:07.710root 11241100x80000000000000006958108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c2c79e52ecb6902022-01-05 10:02:07.711root 11241100x80000000000000006958109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6711ddb0dc1dd92022-01-05 10:02:07.711root 11241100x80000000000000006958110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a322c7a4e1e67a402022-01-05 10:02:07.711root 11241100x80000000000000006958111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e24ff4c833cf9eb2022-01-05 10:02:07.711root 11241100x80000000000000006958112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76a97b98be385d62022-01-05 10:02:08.209root 11241100x80000000000000006958113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2862742b90afab5d2022-01-05 10:02:08.210root 11241100x80000000000000006958114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b2ab77fe2e0d492022-01-05 10:02:08.210root 11241100x80000000000000006958115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a6aae41f8a00ea2022-01-05 10:02:08.210root 11241100x80000000000000006958116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314b10cf272a18ef2022-01-05 10:02:08.210root 11241100x80000000000000006958117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fb2587aa6b8de22022-01-05 10:02:08.210root 11241100x80000000000000006958118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a39ce6fc6914fa72022-01-05 10:02:08.210root 11241100x80000000000000006958119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b245d832aec1f202022-01-05 10:02:08.211root 11241100x80000000000000006958120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4722deb3e815ebc2022-01-05 10:02:08.211root 11241100x80000000000000006958121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5f1a546db2b4f52022-01-05 10:02:08.211root 11241100x80000000000000006958122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439b95c24ac964172022-01-05 10:02:08.211root 11241100x80000000000000006958123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc691e2f02951fe2022-01-05 10:02:08.709root 11241100x80000000000000006958124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee47a36b47ce7a102022-01-05 10:02:08.710root 11241100x80000000000000006958125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d21f0630aee25a2022-01-05 10:02:08.710root 11241100x80000000000000006958126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af62af40be46c1732022-01-05 10:02:08.710root 11241100x80000000000000006958127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8fd451fc0ec46e2022-01-05 10:02:08.710root 11241100x80000000000000006958128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3c5551684b5e4e2022-01-05 10:02:08.710root 11241100x80000000000000006958129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4a9da2eea52ec72022-01-05 10:02:08.710root 11241100x80000000000000006958130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd296e5dc1ea3a72022-01-05 10:02:08.711root 11241100x80000000000000006958131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497f6a838f2f92222022-01-05 10:02:08.711root 11241100x80000000000000006958132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f31d0360c0750752022-01-05 10:02:08.711root 11241100x80000000000000006958133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a816d08b5432695a2022-01-05 10:02:08.711root 11241100x80000000000000006958134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb019b80e6ec1092022-01-05 10:02:09.209root 11241100x80000000000000006958135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b4e06384838b9d2022-01-05 10:02:09.210root 11241100x80000000000000006958136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773c736250b35b992022-01-05 10:02:09.210root 11241100x80000000000000006958137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb1786d182d34232022-01-05 10:02:09.210root 11241100x80000000000000006958138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6250d03283f09c2022-01-05 10:02:09.210root 11241100x80000000000000006958139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c88ce2f5cd9676f2022-01-05 10:02:09.211root 11241100x80000000000000006958140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8ab0c8a56797722022-01-05 10:02:09.211root 11241100x80000000000000006958141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b931fa4f2ebd462022-01-05 10:02:09.211root 11241100x80000000000000006958142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065899b8e0f886492022-01-05 10:02:09.211root 11241100x80000000000000006958143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226c29025e9a401e2022-01-05 10:02:09.211root 11241100x80000000000000006958144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8ea1c07f3182232022-01-05 10:02:09.211root 11241100x80000000000000006958145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedca2a79b1ff91a2022-01-05 10:02:09.709root 11241100x80000000000000006958146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371d0d45ec6128412022-01-05 10:02:09.710root 11241100x80000000000000006958147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958a818352e5fd202022-01-05 10:02:09.710root 11241100x80000000000000006958148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238dfe35eb51712a2022-01-05 10:02:09.710root 11241100x80000000000000006958149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3582b4ba9987391c2022-01-05 10:02:09.710root 11241100x80000000000000006958150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8becb05771a8ad482022-01-05 10:02:09.710root 11241100x80000000000000006958151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f15e601bd895ec32022-01-05 10:02:09.710root 11241100x80000000000000006958152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0a275a853982032022-01-05 10:02:09.710root 11241100x80000000000000006958153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9965d9502aa9b3bc2022-01-05 10:02:09.710root 11241100x80000000000000006958154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7e324e69f530f52022-01-05 10:02:09.710root 11241100x80000000000000006958155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503f31e211a4c09b2022-01-05 10:02:09.710root 11241100x80000000000000006958156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2ca498706ea0ec2022-01-05 10:02:10.209root 11241100x80000000000000006958157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bc74cd2f6b13b12022-01-05 10:02:10.210root 11241100x80000000000000006958158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6afcfc396b716ee2022-01-05 10:02:10.210root 11241100x80000000000000006958159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fce17009159e73b2022-01-05 10:02:10.210root 11241100x80000000000000006958160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7972e5cc41c6cfde2022-01-05 10:02:10.210root 11241100x80000000000000006958161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b33a8f68907275c2022-01-05 10:02:10.210root 11241100x80000000000000006958162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337a2e275c2528d62022-01-05 10:02:10.210root 11241100x80000000000000006958163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba424835eaf912652022-01-05 10:02:10.210root 11241100x80000000000000006958164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034f2e3df85287602022-01-05 10:02:10.210root 11241100x80000000000000006958165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102dd9ba61e0e8b02022-01-05 10:02:10.210root 11241100x80000000000000006958166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa41ad1de92930d2022-01-05 10:02:10.210root 11241100x80000000000000006958167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a3add8d70c733c2022-01-05 10:02:10.709root 11241100x80000000000000006958168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c666836228b9755c2022-01-05 10:02:10.709root 11241100x80000000000000006958169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd063cb7fb6fd7d12022-01-05 10:02:10.709root 11241100x80000000000000006958170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0a9d7061556e1f2022-01-05 10:02:10.710root 11241100x80000000000000006958171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000e033ba32ff82c2022-01-05 10:02:10.710root 11241100x80000000000000006958172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadf580abfeb2c662022-01-05 10:02:10.710root 11241100x80000000000000006958173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a160d67958b3e5d02022-01-05 10:02:10.710root 11241100x80000000000000006958174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6744c56a56b9e392022-01-05 10:02:10.710root 11241100x80000000000000006958175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e196fb6a38fede012022-01-05 10:02:10.710root 11241100x80000000000000006958176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3f02ac96ee4d392022-01-05 10:02:10.710root 11241100x80000000000000006958177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc03255681e9555e2022-01-05 10:02:10.710root 11241100x80000000000000006958178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68de5ed738339812022-01-05 10:02:11.209root 11241100x80000000000000006958179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f13fb5b80b43c432022-01-05 10:02:11.209root 11241100x80000000000000006958180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d385c143ffbac912022-01-05 10:02:11.209root 11241100x80000000000000006958181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16394f5da09277852022-01-05 10:02:11.210root 11241100x80000000000000006958182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9157d24afe174a52022-01-05 10:02:11.210root 11241100x80000000000000006958183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb68cceafaf22f82022-01-05 10:02:11.210root 11241100x80000000000000006958184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d56755ea5739be2022-01-05 10:02:11.210root 11241100x80000000000000006958185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a768e6b4d6d1c38b2022-01-05 10:02:11.210root 11241100x80000000000000006958186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b838b912d12f6a52022-01-05 10:02:11.210root 11241100x80000000000000006958187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cd0142c7c85efb2022-01-05 10:02:11.210root 11241100x80000000000000006958188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06d8cdc98f03e272022-01-05 10:02:11.210root 11241100x80000000000000006958189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ecb9a61acfa3972022-01-05 10:02:11.709root 11241100x80000000000000006958190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a76d31e02836482022-01-05 10:02:11.709root 11241100x80000000000000006958191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b30a4e48e05b6672022-01-05 10:02:11.709root 11241100x80000000000000006958192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f546befc0c0ffebf2022-01-05 10:02:11.710root 11241100x80000000000000006958193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c81bc858c038272022-01-05 10:02:11.710root 11241100x80000000000000006958194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490f72506efc2f0f2022-01-05 10:02:11.710root 11241100x80000000000000006958195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f284d5e6910d435d2022-01-05 10:02:11.710root 11241100x80000000000000006958196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0befa10c943bbb2022-01-05 10:02:11.710root 11241100x80000000000000006958197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c492958574ccf0b82022-01-05 10:02:11.710root 11241100x80000000000000006958198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42342fe76ac9c4a2022-01-05 10:02:11.710root 11241100x80000000000000006958199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6061818c27068ae42022-01-05 10:02:11.710root 354300x80000000000000006958200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.040{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41702-false10.0.1.12-8000- 11241100x80000000000000006958201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.041{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22002217a1ea929b2022-01-05 10:02:12.041root 11241100x80000000000000006958202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.041{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1da81f74aeddc382022-01-05 10:02:12.041root 11241100x80000000000000006958203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.041{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2bbee57b369d9d2022-01-05 10:02:12.041root 11241100x80000000000000006958204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.042{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3c4c4da2e50b0b2022-01-05 10:02:12.042root 11241100x80000000000000006958205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.042{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2812d97713d14a82022-01-05 10:02:12.042root 11241100x80000000000000006958206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.042{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dff8b838bcbb1d52022-01-05 10:02:12.042root 11241100x80000000000000006958207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.042{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a21fd4c868c8362022-01-05 10:02:12.042root 11241100x80000000000000006958208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.042{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45baaf772bb759542022-01-05 10:02:12.042root 11241100x80000000000000006958209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.043{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fcc43afdd518392022-01-05 10:02:12.043root 11241100x80000000000000006958210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.043{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c197e45aae226f62022-01-05 10:02:12.043root 11241100x80000000000000006958211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.043{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c1ddc5ec3b5a272022-01-05 10:02:12.043root 11241100x80000000000000006958212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.043{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5edbb4774188acf2022-01-05 10:02:12.043root 11241100x80000000000000006958213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3968a530329bedc2022-01-05 10:02:12.459root 11241100x80000000000000006958214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b482c4ddaca8102022-01-05 10:02:12.459root 11241100x80000000000000006958215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0514cc0ded0d82af2022-01-05 10:02:12.460root 11241100x80000000000000006958216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a869def378943e42022-01-05 10:02:12.460root 11241100x80000000000000006958217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81754dca57c263352022-01-05 10:02:12.460root 11241100x80000000000000006958218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1395d5ddd7446e2f2022-01-05 10:02:12.460root 11241100x80000000000000006958219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4525963da9f42c782022-01-05 10:02:12.460root 11241100x80000000000000006958220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3fe2b4a382ec7b2022-01-05 10:02:12.460root 11241100x80000000000000006958221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d995392f53eec72022-01-05 10:02:12.460root 11241100x80000000000000006958222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2a4ae4cade33a32022-01-05 10:02:12.460root 11241100x80000000000000006958223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a528723d80a38c52022-01-05 10:02:12.460root 11241100x80000000000000006958224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41d120e60fd8d022022-01-05 10:02:12.460root 11241100x80000000000000006958225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f37d4c19c26b452022-01-05 10:02:12.959root 11241100x80000000000000006958226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5f8410fc28618a2022-01-05 10:02:12.959root 11241100x80000000000000006958227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e504bcb60f53ad642022-01-05 10:02:12.960root 11241100x80000000000000006958228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d08cc22c2757b92022-01-05 10:02:12.960root 11241100x80000000000000006958229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1569c943557b752022-01-05 10:02:12.960root 11241100x80000000000000006958230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d97494785410eb2022-01-05 10:02:12.960root 11241100x80000000000000006958231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d34fb622283da72022-01-05 10:02:12.960root 11241100x80000000000000006958232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97b5c74051400ed2022-01-05 10:02:12.960root 11241100x80000000000000006958233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8b3fc49fc50e622022-01-05 10:02:12.960root 11241100x80000000000000006958234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f95571734c25172022-01-05 10:02:12.960root 11241100x80000000000000006958235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3e7d1f0a8f2a602022-01-05 10:02:12.960root 11241100x80000000000000006958236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f0e40088c2b5022022-01-05 10:02:12.960root 11241100x80000000000000006958237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87c70f4d414f20d2022-01-05 10:02:13.459root 11241100x80000000000000006958238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d16efdc52d0d22c2022-01-05 10:02:13.459root 11241100x80000000000000006958239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b7859410069b9b2022-01-05 10:02:13.460root 11241100x80000000000000006958240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7c7c4d959f512e2022-01-05 10:02:13.460root 11241100x80000000000000006958241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb4b6674684f4032022-01-05 10:02:13.460root 11241100x80000000000000006958242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510293f6be2e3f672022-01-05 10:02:13.460root 11241100x80000000000000006958243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb8fdd8e27d31672022-01-05 10:02:13.460root 11241100x80000000000000006958244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bab0e5d9c90b40a2022-01-05 10:02:13.460root 11241100x80000000000000006958245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac4260e7dc0e1c2022-01-05 10:02:13.460root 11241100x80000000000000006958246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d29e1e3208b4d62022-01-05 10:02:13.460root 11241100x80000000000000006958247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426681c34ab247972022-01-05 10:02:13.460root 11241100x80000000000000006958248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74808b1ce6c295a92022-01-05 10:02:13.460root 11241100x80000000000000006958249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e9e27c46fafd982022-01-05 10:02:13.959root 11241100x80000000000000006958250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9af32612ce4a68c2022-01-05 10:02:13.959root 11241100x80000000000000006958251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2975b073737096b42022-01-05 10:02:13.959root 11241100x80000000000000006958252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf3474c770a79702022-01-05 10:02:13.960root 11241100x80000000000000006958253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f43f940a46d30a82022-01-05 10:02:13.960root 11241100x80000000000000006958254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007360311b3d7a622022-01-05 10:02:13.960root 11241100x80000000000000006958255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d31f5749f17647c2022-01-05 10:02:13.960root 11241100x80000000000000006958256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71c1c945f9da6862022-01-05 10:02:13.960root 11241100x80000000000000006958257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879738b2b14842972022-01-05 10:02:13.960root 11241100x80000000000000006958258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7443a718e03a0ff2022-01-05 10:02:13.960root 11241100x80000000000000006958259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8987ce6bc331d92022-01-05 10:02:13.960root 11241100x80000000000000006958260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5861a26055e3da522022-01-05 10:02:13.960root 11241100x80000000000000006958261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dace708a25c9b6b2022-01-05 10:02:14.459root 11241100x80000000000000006958262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829674821923b9662022-01-05 10:02:14.459root 11241100x80000000000000006958263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d2102d2a2bc12b2022-01-05 10:02:14.459root 11241100x80000000000000006958264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fe64a9346bad122022-01-05 10:02:14.460root 11241100x80000000000000006958265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d87cbcba8b62e912022-01-05 10:02:14.460root 11241100x80000000000000006958266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc6198faaa091f42022-01-05 10:02:14.460root 11241100x80000000000000006958267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5b02663605a39e2022-01-05 10:02:14.460root 11241100x80000000000000006958268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b388be328b75e9462022-01-05 10:02:14.460root 11241100x80000000000000006958269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c14151db1bbe3572022-01-05 10:02:14.460root 11241100x80000000000000006958270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f389a8e9a8bbd6f2022-01-05 10:02:14.460root 11241100x80000000000000006958271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa78f8cf6e7f96e32022-01-05 10:02:14.460root 11241100x80000000000000006958272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d14c645c0acdc42022-01-05 10:02:14.460root 11241100x80000000000000006958273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ec65d2bd2242102022-01-05 10:02:14.959root 11241100x80000000000000006958274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389af9e406a21aa72022-01-05 10:02:14.960root 11241100x80000000000000006958275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d621fa7522fbc7f62022-01-05 10:02:14.960root 11241100x80000000000000006958276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d4daf418b1c5582022-01-05 10:02:14.960root 11241100x80000000000000006958277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90e82449daf300c2022-01-05 10:02:14.960root 11241100x80000000000000006958278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcee8798ad2d19ed2022-01-05 10:02:14.960root 11241100x80000000000000006958279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee22a64c697f6da2022-01-05 10:02:14.960root 11241100x80000000000000006958280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a833ec588394b42022-01-05 10:02:14.960root 11241100x80000000000000006958281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed35240aafe90dd2022-01-05 10:02:14.960root 11241100x80000000000000006958282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa43e6a30f94602e2022-01-05 10:02:14.960root 11241100x80000000000000006958283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b3fc0a12f1ee4c2022-01-05 10:02:14.960root 11241100x80000000000000006958284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ddd177c9c4c1282022-01-05 10:02:14.961root 11241100x80000000000000006958285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd08385660cdd3c2022-01-05 10:02:15.459root 11241100x80000000000000006958286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164d7993a59387eb2022-01-05 10:02:15.459root 11241100x80000000000000006958287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2928c279b4dfb63d2022-01-05 10:02:15.459root 11241100x80000000000000006958288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626016a2a5c834402022-01-05 10:02:15.460root 11241100x80000000000000006958289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3966984ba4b01e6c2022-01-05 10:02:15.460root 11241100x80000000000000006958290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87706c31d8c27762022-01-05 10:02:15.460root 11241100x80000000000000006958291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b7e218b300fdf42022-01-05 10:02:15.460root 11241100x80000000000000006958292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94f9d7630c5fe562022-01-05 10:02:15.460root 11241100x80000000000000006958293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717451db9fe5731c2022-01-05 10:02:15.460root 11241100x80000000000000006958294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af266b4dc8be0f052022-01-05 10:02:15.460root 11241100x80000000000000006958295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f466aefe8a2588922022-01-05 10:02:15.460root 11241100x80000000000000006958296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5ee3dc40b864432022-01-05 10:02:15.460root 11241100x80000000000000006958297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9fc4883e97b6a72022-01-05 10:02:15.959root 11241100x80000000000000006958298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afabff9516f77b802022-01-05 10:02:15.960root 11241100x80000000000000006958299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72236b96e2ba15b2022-01-05 10:02:15.960root 11241100x80000000000000006958300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedb8f2984fc6fe72022-01-05 10:02:15.960root 11241100x80000000000000006958301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6065cf8acaa0f6752022-01-05 10:02:15.960root 11241100x80000000000000006958302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489ca4bfe69610752022-01-05 10:02:15.960root 11241100x80000000000000006958303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7b0fb5c110f16a2022-01-05 10:02:15.960root 11241100x80000000000000006958304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4449342ae03c7e2022-01-05 10:02:15.960root 11241100x80000000000000006958305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dab22d5776d3b62022-01-05 10:02:15.960root 11241100x80000000000000006958306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51129f8a1357f412022-01-05 10:02:15.960root 11241100x80000000000000006958307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832821e76ecf33c32022-01-05 10:02:15.960root 11241100x80000000000000006958308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b397e3b92fa7d3732022-01-05 10:02:15.960root 11241100x80000000000000006958309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea4f3d6337fb74c2022-01-05 10:02:16.459root 11241100x80000000000000006958310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b29d6308a5615792022-01-05 10:02:16.459root 11241100x80000000000000006958311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127214c99f4f51522022-01-05 10:02:16.460root 11241100x80000000000000006958312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66260d17b93c0192022-01-05 10:02:16.460root 11241100x80000000000000006958313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba33bc60d1e8ce4d2022-01-05 10:02:16.460root 11241100x80000000000000006958314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abd7899dd7978862022-01-05 10:02:16.460root 11241100x80000000000000006958315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848570ea98af77bb2022-01-05 10:02:16.460root 11241100x80000000000000006958316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89132a64d805e7fb2022-01-05 10:02:16.460root 11241100x80000000000000006958317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ab6df2d273211a2022-01-05 10:02:16.460root 11241100x80000000000000006958318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23031741fd791dc32022-01-05 10:02:16.460root 11241100x80000000000000006958319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce5d46737cac5ff2022-01-05 10:02:16.460root 11241100x80000000000000006958320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018b3a463ae0dfe22022-01-05 10:02:16.461root 11241100x80000000000000006958321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7632e8ecca4cae332022-01-05 10:02:16.959root 11241100x80000000000000006958322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed78ce7d118a6492022-01-05 10:02:16.959root 11241100x80000000000000006958323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0ccc3f71888fdf2022-01-05 10:02:16.960root 11241100x80000000000000006958324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8e17a66f7422f82022-01-05 10:02:16.960root 11241100x80000000000000006958325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919a84c692609b2e2022-01-05 10:02:16.960root 11241100x80000000000000006958326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca4aa9017f19bc02022-01-05 10:02:16.960root 11241100x80000000000000006958327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786dfb33296027b32022-01-05 10:02:16.960root 11241100x80000000000000006958328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfce65b0e64aa1502022-01-05 10:02:16.960root 11241100x80000000000000006958329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71b0c01c4e1d5182022-01-05 10:02:16.960root 11241100x80000000000000006958330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f899c19b1571ce2022-01-05 10:02:16.960root 11241100x80000000000000006958331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67ff4bb729ab8302022-01-05 10:02:16.960root 11241100x80000000000000006958332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf42fb832c2b0532022-01-05 10:02:16.960root 354300x80000000000000006958333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.240{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41704-false10.0.1.12-8000- 11241100x80000000000000006958334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a2e6b6015f138a2022-01-05 10:02:17.241root 11241100x80000000000000006958335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd4973bbac15ffe2022-01-05 10:02:17.241root 11241100x80000000000000006958336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8c24b11d5ea0892022-01-05 10:02:17.241root 11241100x80000000000000006958337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5046773098b741702022-01-05 10:02:17.241root 11241100x80000000000000006958338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299e2acc081104b82022-01-05 10:02:17.241root 11241100x80000000000000006958339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382f0962868dc8252022-01-05 10:02:17.241root 11241100x80000000000000006958340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3853081c9a954c2022-01-05 10:02:17.241root 11241100x80000000000000006958341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5402e553df5a686b2022-01-05 10:02:17.241root 11241100x80000000000000006958342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23cf7cf9603dd482022-01-05 10:02:17.241root 11241100x80000000000000006958343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.242{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9768a9c814f953f22022-01-05 10:02:17.242root 11241100x80000000000000006958344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.242{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e4d09980a582532022-01-05 10:02:17.242root 11241100x80000000000000006958345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.242{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99237c818295e58d2022-01-05 10:02:17.242root 11241100x80000000000000006958346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.242{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e111f8b0eb86a7cd2022-01-05 10:02:17.242root 11241100x80000000000000006958347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.242{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecd7181f049c3592022-01-05 10:02:17.242root 11241100x80000000000000006958348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.242{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ececd57df629a70a2022-01-05 10:02:17.242root 11241100x80000000000000006958349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.242{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ef6e97ba3572df2022-01-05 10:02:17.242root 11241100x80000000000000006958350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7aae71f411751182022-01-05 10:02:17.709root 11241100x80000000000000006958351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7694630e90d473e42022-01-05 10:02:17.709root 11241100x80000000000000006958352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e664258bc0c1fc142022-01-05 10:02:17.710root 11241100x80000000000000006958353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263d5880fdd9fc662022-01-05 10:02:17.710root 11241100x80000000000000006958354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb085bdb15b3b702022-01-05 10:02:17.710root 11241100x80000000000000006958355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f6b614364add502022-01-05 10:02:17.710root 11241100x80000000000000006958356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d543515e311a09752022-01-05 10:02:17.710root 11241100x80000000000000006958357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e9f15ef7729d7a2022-01-05 10:02:17.710root 11241100x80000000000000006958358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ed508074e8c1a22022-01-05 10:02:17.710root 11241100x80000000000000006958359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e90e9ee844e59f62022-01-05 10:02:17.710root 11241100x80000000000000006958360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd6c0b59baaeac12022-01-05 10:02:17.710root 11241100x80000000000000006958361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f23740a92fa23f32022-01-05 10:02:17.710root 11241100x80000000000000006958362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f059df162296402022-01-05 10:02:17.711root 11241100x80000000000000006958363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b43889b1e19d412022-01-05 10:02:18.209root 11241100x80000000000000006958364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a8b97da4e906092022-01-05 10:02:18.210root 11241100x80000000000000006958365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7850a45deddc592022-01-05 10:02:18.210root 11241100x80000000000000006958366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91581934ea048df2022-01-05 10:02:18.210root 11241100x80000000000000006958367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fa312dd72e7f312022-01-05 10:02:18.210root 11241100x80000000000000006958368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85d18401dfac4e02022-01-05 10:02:18.210root 11241100x80000000000000006958369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0ebcc90f0f9e362022-01-05 10:02:18.210root 11241100x80000000000000006958370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abe103e8de6142b2022-01-05 10:02:18.210root 11241100x80000000000000006958371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63cfb2c454b9b122022-01-05 10:02:18.210root 11241100x80000000000000006958372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bbef2a037341362022-01-05 10:02:18.210root 11241100x80000000000000006958373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee4a178a22bae1b2022-01-05 10:02:18.210root 11241100x80000000000000006958374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1875632ab507e1a62022-01-05 10:02:18.210root 11241100x80000000000000006958375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d23d5991276fb702022-01-05 10:02:18.210root 11241100x80000000000000006958376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc754928d3923e082022-01-05 10:02:18.709root 11241100x80000000000000006958377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7bc72613ecbe232022-01-05 10:02:18.710root 11241100x80000000000000006958378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf484bac01f622122022-01-05 10:02:18.710root 11241100x80000000000000006958379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa44847cdef6d5292022-01-05 10:02:18.710root 11241100x80000000000000006958380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e798f37f3e71558a2022-01-05 10:02:18.710root 11241100x80000000000000006958381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a6563d400d68602022-01-05 10:02:18.710root 11241100x80000000000000006958382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bafbe9ba37292b42022-01-05 10:02:18.710root 11241100x80000000000000006958383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7098d65ddd6b442022-01-05 10:02:18.710root 11241100x80000000000000006958384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a67a9533be57e852022-01-05 10:02:18.710root 11241100x80000000000000006958385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d34dd792c5bd5c32022-01-05 10:02:18.710root 11241100x80000000000000006958386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80be8f99f62d12c02022-01-05 10:02:18.710root 11241100x80000000000000006958387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776904893a3b13352022-01-05 10:02:18.710root 11241100x80000000000000006958388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92925cb6eaf52e652022-01-05 10:02:18.710root 11241100x80000000000000006958389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f9b10c42b14db12022-01-05 10:02:19.209root 11241100x80000000000000006958390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516b59290d4e7d172022-01-05 10:02:19.210root 11241100x80000000000000006958391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960203a13e2f4b152022-01-05 10:02:19.210root 11241100x80000000000000006958392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e723ec3c4313d692022-01-05 10:02:19.210root 11241100x80000000000000006958393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad75a39f9377eff02022-01-05 10:02:19.210root 11241100x80000000000000006958394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76a3ccee0e86c622022-01-05 10:02:19.210root 11241100x80000000000000006958395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f133db79ca3d3dad2022-01-05 10:02:19.210root 11241100x80000000000000006958396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c7ec1682b41afd2022-01-05 10:02:19.210root 11241100x80000000000000006958397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de179a76d2a27de2022-01-05 10:02:19.210root 11241100x80000000000000006958398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf298ea1cbe5c482022-01-05 10:02:19.210root 11241100x80000000000000006958399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032af8ac41f1d9362022-01-05 10:02:19.210root 11241100x80000000000000006958400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532ffde1a2edf28d2022-01-05 10:02:19.210root 11241100x80000000000000006958401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150c3a8fadba8b602022-01-05 10:02:19.210root 11241100x80000000000000006958402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827cfd018a59e29e2022-01-05 10:02:19.709root 11241100x80000000000000006958403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19244cbb1f7dc3d52022-01-05 10:02:19.709root 11241100x80000000000000006958404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7e3d43926b35982022-01-05 10:02:19.710root 11241100x80000000000000006958405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf86c547d0c7892f2022-01-05 10:02:19.710root 11241100x80000000000000006958406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be4e407573e0de12022-01-05 10:02:19.710root 11241100x80000000000000006958407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e7e7557f4ed9ce2022-01-05 10:02:19.710root 11241100x80000000000000006958408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82adbe8126a412e92022-01-05 10:02:19.710root 11241100x80000000000000006958409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f97ab55eff4de12022-01-05 10:02:19.710root 11241100x80000000000000006958410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412376c32c8f02f92022-01-05 10:02:19.710root 11241100x80000000000000006958411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db48b07f2299f71d2022-01-05 10:02:19.710root 11241100x80000000000000006958412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05810fe518d20ead2022-01-05 10:02:19.710root 11241100x80000000000000006958413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c002980b123ea52022-01-05 10:02:19.710root 11241100x80000000000000006958414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3443970b6618d58b2022-01-05 10:02:19.710root 11241100x80000000000000006958415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c602b0953b40823c2022-01-05 10:02:20.209root 11241100x80000000000000006958416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de17e1d96d5528a02022-01-05 10:02:20.209root 11241100x80000000000000006958417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed5b601a39783122022-01-05 10:02:20.210root 11241100x80000000000000006958418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902854d6bf494e232022-01-05 10:02:20.210root 11241100x80000000000000006958419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23776afc46ce99572022-01-05 10:02:20.210root 11241100x80000000000000006958420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2bf06fa35b9e4f2022-01-05 10:02:20.210root 11241100x80000000000000006958421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0822b864db2b893f2022-01-05 10:02:20.210root 11241100x80000000000000006958422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f82b32a0b643fcd2022-01-05 10:02:20.210root 11241100x80000000000000006958423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955c151607780ecf2022-01-05 10:02:20.210root 11241100x80000000000000006958424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b43e104c22abf4b2022-01-05 10:02:20.210root 11241100x80000000000000006958425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae3cc845b4cb0682022-01-05 10:02:20.210root 11241100x80000000000000006958426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f502b369d52eb7412022-01-05 10:02:20.210root 11241100x80000000000000006958427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56138a66f25fdca22022-01-05 10:02:20.210root 11241100x80000000000000006958428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967e94f8b1f694e02022-01-05 10:02:20.709root 11241100x80000000000000006958429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ae9ed831095c8d2022-01-05 10:02:20.709root 11241100x80000000000000006958430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522a498e884905182022-01-05 10:02:20.710root 11241100x80000000000000006958431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148fbf45a1d8e4c72022-01-05 10:02:20.710root 11241100x80000000000000006958432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4737643635bbe2c2022-01-05 10:02:20.710root 11241100x80000000000000006958433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe5757c2f35730c2022-01-05 10:02:20.710root 11241100x80000000000000006958434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58542507090fd6f2022-01-05 10:02:20.710root 11241100x80000000000000006958435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec3f5142b2dddb42022-01-05 10:02:20.710root 11241100x80000000000000006958436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a847623b0708eadc2022-01-05 10:02:20.710root 11241100x80000000000000006958437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45314062de4bef42022-01-05 10:02:20.710root 11241100x80000000000000006958438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85dbd405654fe722022-01-05 10:02:20.710root 11241100x80000000000000006958439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5020b0bcde49d1002022-01-05 10:02:20.710root 11241100x80000000000000006958440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f237ab521d6da3682022-01-05 10:02:20.710root 11241100x80000000000000006958441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef977c990acb76d2022-01-05 10:02:21.209root 11241100x80000000000000006958442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1993a1abde9913eb2022-01-05 10:02:21.209root 11241100x80000000000000006958443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0a17d4bb4227ac2022-01-05 10:02:21.210root 11241100x80000000000000006958444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b5282fb943bc3b2022-01-05 10:02:21.210root 11241100x80000000000000006958445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b97f76871d8791e2022-01-05 10:02:21.210root 11241100x80000000000000006958446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5636141783792d392022-01-05 10:02:21.210root 11241100x80000000000000006958447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ef13c1304c52f12022-01-05 10:02:21.210root 11241100x80000000000000006958448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98239cd317e2b3312022-01-05 10:02:21.210root 11241100x80000000000000006958449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bab59f88a10b5df2022-01-05 10:02:21.210root 11241100x80000000000000006958450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facd5a9512bd147e2022-01-05 10:02:21.210root 11241100x80000000000000006958451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465f0951da4f47a92022-01-05 10:02:21.210root 11241100x80000000000000006958452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7a6b6088bc4e442022-01-05 10:02:21.210root 11241100x80000000000000006958453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c9cfa4841a8c2c2022-01-05 10:02:21.210root 11241100x80000000000000006958454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5789d94e59c8c42022-01-05 10:02:21.709root 11241100x80000000000000006958455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b668f7bc58e549772022-01-05 10:02:21.709root 11241100x80000000000000006958456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c6cf081810c1ac2022-01-05 10:02:21.709root 11241100x80000000000000006958457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9bd2385871ffb32022-01-05 10:02:21.710root 11241100x80000000000000006958458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2823d51fc78cf02022-01-05 10:02:21.710root 11241100x80000000000000006958459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa369de418db79072022-01-05 10:02:21.710root 11241100x80000000000000006958460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f941d38eb4b2fca72022-01-05 10:02:21.710root 11241100x80000000000000006958461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1767d96c11b597a92022-01-05 10:02:21.710root 11241100x80000000000000006958462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1c4b389e35162c2022-01-05 10:02:21.710root 11241100x80000000000000006958463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26a592d2e516f762022-01-05 10:02:21.710root 11241100x80000000000000006958464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11d164324ae8f852022-01-05 10:02:21.710root 11241100x80000000000000006958465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b5af4c351840db2022-01-05 10:02:21.710root 11241100x80000000000000006958466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be469072ab4c3ae62022-01-05 10:02:21.710root 11241100x80000000000000006958467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552d59aeaab8ffb92022-01-05 10:02:22.209root 11241100x80000000000000006958468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335eb1e388d0fa092022-01-05 10:02:22.209root 11241100x80000000000000006958469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5692d88fb07508252022-01-05 10:02:22.209root 11241100x80000000000000006958470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1128777e9450092022-01-05 10:02:22.210root 11241100x80000000000000006958471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd2debf3c03aa292022-01-05 10:02:22.210root 11241100x80000000000000006958472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2924a5a651d3122022-01-05 10:02:22.210root 11241100x80000000000000006958473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efd41a741c21a902022-01-05 10:02:22.210root 11241100x80000000000000006958474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3571094efc4e0f8f2022-01-05 10:02:22.210root 11241100x80000000000000006958475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fd3887e0848a9c2022-01-05 10:02:22.210root 11241100x80000000000000006958476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d323b481ea363b2022-01-05 10:02:22.210root 11241100x80000000000000006958477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a22ad872cc24102022-01-05 10:02:22.211root 11241100x80000000000000006958478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42133c9d6b7db1d2022-01-05 10:02:22.211root 11241100x80000000000000006958479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc28832333cb4b92022-01-05 10:02:22.211root 11241100x80000000000000006958480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532f0fec5c40c57a2022-01-05 10:02:22.709root 11241100x80000000000000006958481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689c0da2e7a38e6a2022-01-05 10:02:22.709root 11241100x80000000000000006958482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b959fe9323293e632022-01-05 10:02:22.709root 11241100x80000000000000006958483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6832c5c124b8502022-01-05 10:02:22.709root 11241100x80000000000000006958484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0499ba63ebc996c2022-01-05 10:02:22.709root 11241100x80000000000000006958485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691236ae5321c6542022-01-05 10:02:22.710root 11241100x80000000000000006958486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15225c6115037782022-01-05 10:02:22.710root 11241100x80000000000000006958487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e84655a6bcb3fac2022-01-05 10:02:22.710root 11241100x80000000000000006958488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdfbe90d452cc3b2022-01-05 10:02:22.710root 11241100x80000000000000006958489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd628e78dfd35af52022-01-05 10:02:22.710root 11241100x80000000000000006958490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d90909da173e832022-01-05 10:02:22.710root 11241100x80000000000000006958491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ae6f7fa5b7c0492022-01-05 10:02:22.710root 11241100x80000000000000006958492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a7cc099d78006c2022-01-05 10:02:22.710root 354300x80000000000000006958493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.033{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41706-false10.0.1.12-8000- 11241100x80000000000000006958494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f966c2f10653282022-01-05 10:02:23.034root 11241100x80000000000000006958495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cecf76b1d1580c2022-01-05 10:02:23.035root 11241100x80000000000000006958496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdd54050c2949672022-01-05 10:02:23.035root 11241100x80000000000000006958497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d72392d62cd1942022-01-05 10:02:23.035root 11241100x80000000000000006958498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1038c362d739d4cb2022-01-05 10:02:23.035root 11241100x80000000000000006958499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a0b619c55f353b2022-01-05 10:02:23.035root 11241100x80000000000000006958500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abce51e8c65f9be72022-01-05 10:02:23.035root 11241100x80000000000000006958501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1139d529883df5502022-01-05 10:02:23.035root 11241100x80000000000000006958502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca5ee9d3575de442022-01-05 10:02:23.035root 11241100x80000000000000006958503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8057fa7a08f49f2022-01-05 10:02:23.035root 11241100x80000000000000006958504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005c053d124c7eef2022-01-05 10:02:23.035root 11241100x80000000000000006958505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736712499837de5e2022-01-05 10:02:23.035root 11241100x80000000000000006958506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9aa9872561fa9a42022-01-05 10:02:23.035root 11241100x80000000000000006958507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4824a02667e3fc32022-01-05 10:02:23.035root 11241100x80000000000000006958508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d41f2ea7a0b17672022-01-05 10:02:23.459root 11241100x80000000000000006958509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9541290c2ff88dac2022-01-05 10:02:23.459root 11241100x80000000000000006958510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfada2148b3ea7932022-01-05 10:02:23.460root 11241100x80000000000000006958511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42a561bdcf32a512022-01-05 10:02:23.460root 11241100x80000000000000006958512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea2bab4b5dadabc2022-01-05 10:02:23.460root 11241100x80000000000000006958513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7d8b70348b82592022-01-05 10:02:23.460root 11241100x80000000000000006958514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae3b046eca8fdf62022-01-05 10:02:23.460root 11241100x80000000000000006958515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e924c051426bef2022-01-05 10:02:23.460root 11241100x80000000000000006958516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd03b588db850a7b2022-01-05 10:02:23.461root 11241100x80000000000000006958517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af464b46dca160302022-01-05 10:02:23.461root 11241100x80000000000000006958518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a9bce964c40f9b2022-01-05 10:02:23.461root 11241100x80000000000000006958519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1827616e0ed9fec22022-01-05 10:02:23.461root 11241100x80000000000000006958520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5676aada98b3d53f2022-01-05 10:02:23.461root 11241100x80000000000000006958521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cb08c3432d109e2022-01-05 10:02:23.462root 11241100x80000000000000006958522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bfca039001db872022-01-05 10:02:23.959root 11241100x80000000000000006958523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cf8898503fa7012022-01-05 10:02:23.959root 11241100x80000000000000006958524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cdb4bcca7141782022-01-05 10:02:23.960root 11241100x80000000000000006958525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3d7723f840b4712022-01-05 10:02:23.960root 11241100x80000000000000006958526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216f98a2ba40fd182022-01-05 10:02:23.960root 11241100x80000000000000006958527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439eb90bac71ef422022-01-05 10:02:23.960root 11241100x80000000000000006958528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd98f5db65e320f2022-01-05 10:02:23.960root 11241100x80000000000000006958529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a34efc64d76c312022-01-05 10:02:23.961root 11241100x80000000000000006958530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc4f060cc9b0de92022-01-05 10:02:23.961root 11241100x80000000000000006958531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e91c480aa6ebac2022-01-05 10:02:23.961root 11241100x80000000000000006958532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534366b5405b72dd2022-01-05 10:02:23.961root 11241100x80000000000000006958533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5a862964b3a6b62022-01-05 10:02:23.961root 11241100x80000000000000006958534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6fdcd020897de02022-01-05 10:02:23.961root 11241100x80000000000000006958535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549c2296123fc8592022-01-05 10:02:23.961root 11241100x80000000000000006958536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5041a1aa5a08732022-01-05 10:02:24.459root 11241100x80000000000000006958537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6992995022d2510a2022-01-05 10:02:24.459root 11241100x80000000000000006958538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004c0126ee2a37242022-01-05 10:02:24.459root 11241100x80000000000000006958539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f02de92cf36101e2022-01-05 10:02:24.459root 11241100x80000000000000006958540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652a5220fdd8f8302022-01-05 10:02:24.460root 11241100x80000000000000006958541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc3475e5bc59cc32022-01-05 10:02:24.460root 11241100x80000000000000006958542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215a22def15f93062022-01-05 10:02:24.460root 11241100x80000000000000006958543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34c90a33e7f0c202022-01-05 10:02:24.460root 11241100x80000000000000006958544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062b85ca6b5f75952022-01-05 10:02:24.460root 11241100x80000000000000006958545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa973194a200d2b2022-01-05 10:02:24.460root 11241100x80000000000000006958546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c885341c772077c42022-01-05 10:02:24.460root 11241100x80000000000000006958547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f42b9c0dabb9a32022-01-05 10:02:24.460root 11241100x80000000000000006958548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bb68e1a34e44342022-01-05 10:02:24.460root 11241100x80000000000000006958549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecb2db5a1dec8b62022-01-05 10:02:24.460root 11241100x80000000000000006958550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c611fa02c5360e2022-01-05 10:02:24.959root 11241100x80000000000000006958551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451607ab05d740622022-01-05 10:02:24.959root 11241100x80000000000000006958552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0447d569a6b0d82022-01-05 10:02:24.959root 11241100x80000000000000006958553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aebf58f0c2270b72022-01-05 10:02:24.959root 11241100x80000000000000006958554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581f62af7729d0782022-01-05 10:02:24.959root 11241100x80000000000000006958555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8b350b70427f482022-01-05 10:02:24.959root 11241100x80000000000000006958556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e1767492fd98582022-01-05 10:02:24.959root 11241100x80000000000000006958557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1d4b50526cc62e2022-01-05 10:02:24.959root 11241100x80000000000000006958558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbb7b5f17c3a4022022-01-05 10:02:24.960root 11241100x80000000000000006958559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a50d9203196c952022-01-05 10:02:24.960root 11241100x80000000000000006958560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8729aed8e36035b2022-01-05 10:02:24.960root 11241100x80000000000000006958561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6530fdb385c99a0c2022-01-05 10:02:24.960root 11241100x80000000000000006958562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afaa0486c88926e2022-01-05 10:02:24.960root 11241100x80000000000000006958563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e0e03909af2d262022-01-05 10:02:24.961root 11241100x80000000000000006958564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3603e0a224b347312022-01-05 10:02:25.460root 11241100x80000000000000006958565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d08a78a7eab5c72022-01-05 10:02:25.460root 11241100x80000000000000006958566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877fa46493ee41e12022-01-05 10:02:25.460root 11241100x80000000000000006958567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0637e771142cadd22022-01-05 10:02:25.460root 11241100x80000000000000006958568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a21b173b33866f2022-01-05 10:02:25.460root 11241100x80000000000000006958569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db5fb547313eea22022-01-05 10:02:25.460root 11241100x80000000000000006958570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f5a18c392907df2022-01-05 10:02:25.460root 11241100x80000000000000006958571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3ad16daaba30202022-01-05 10:02:25.460root 11241100x80000000000000006958572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cfce53e6b493aa2022-01-05 10:02:25.460root 11241100x80000000000000006958573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a023b9e228cd3b72022-01-05 10:02:25.460root 11241100x80000000000000006958574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7137932b5ca2e3b72022-01-05 10:02:25.460root 11241100x80000000000000006958575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb89daa98af62842022-01-05 10:02:25.460root 11241100x80000000000000006958576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c357be194ea8ae522022-01-05 10:02:25.460root 11241100x80000000000000006958577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be07b8b13e9971282022-01-05 10:02:25.461root 11241100x80000000000000006958578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767d48919992e0222022-01-05 10:02:25.959root 11241100x80000000000000006958579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f24cafdad750112022-01-05 10:02:25.959root 11241100x80000000000000006958580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904e9cdd020af5062022-01-05 10:02:25.959root 11241100x80000000000000006958581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc617028a06b93af2022-01-05 10:02:25.960root 11241100x80000000000000006958582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4345db7de1409162022-01-05 10:02:25.960root 11241100x80000000000000006958583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355337e1a53e94962022-01-05 10:02:25.960root 11241100x80000000000000006958584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86704af77d9a3b5e2022-01-05 10:02:25.960root 11241100x80000000000000006958585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3873219208d0782022-01-05 10:02:25.961root 11241100x80000000000000006958586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880988d726e383072022-01-05 10:02:25.961root 11241100x80000000000000006958587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1efd7a4d2f5e95c2022-01-05 10:02:25.961root 11241100x80000000000000006958588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e731b51c42ef94e2022-01-05 10:02:25.961root 11241100x80000000000000006958589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477037738dffd9712022-01-05 10:02:25.962root 11241100x80000000000000006958590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7de11f8f409f9772022-01-05 10:02:25.962root 11241100x80000000000000006958591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b739b4c694bf072022-01-05 10:02:25.962root 11241100x80000000000000006958592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f473f98030101ef2022-01-05 10:02:26.459root 11241100x80000000000000006958593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0cdc6933346ae62022-01-05 10:02:26.459root 11241100x80000000000000006958594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b78d9e76bfaeda72022-01-05 10:02:26.460root 11241100x80000000000000006958595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0a5a68b2ff7d2f2022-01-05 10:02:26.460root 11241100x80000000000000006958596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2aebc823bc9dc942022-01-05 10:02:26.460root 11241100x80000000000000006958597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18238904c88c18d2022-01-05 10:02:26.460root 11241100x80000000000000006958598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c99ec0eeced4aab2022-01-05 10:02:26.460root 11241100x80000000000000006958599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f48eb5b124c0a82022-01-05 10:02:26.460root 11241100x80000000000000006958600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1984d45ae508842022-01-05 10:02:26.460root 11241100x80000000000000006958601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea893aa8c2246e52022-01-05 10:02:26.460root 11241100x80000000000000006958602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80023e9765a47a9d2022-01-05 10:02:26.460root 11241100x80000000000000006958603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069c95b6e531a5482022-01-05 10:02:26.460root 11241100x80000000000000006958604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d32eb5289fc7c22022-01-05 10:02:26.460root 11241100x80000000000000006958605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea82138a980b1622022-01-05 10:02:26.460root 11241100x80000000000000006958606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844a75e24490a4fc2022-01-05 10:02:26.959root 11241100x80000000000000006958607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa67b2a54b40139e2022-01-05 10:02:26.960root 11241100x80000000000000006958608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90f5b011db2b8d92022-01-05 10:02:26.960root 11241100x80000000000000006958609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b19c7de680b5ada2022-01-05 10:02:26.960root 11241100x80000000000000006958610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58027e14e87618d72022-01-05 10:02:26.960root 11241100x80000000000000006958611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ae3ebd3de9ff222022-01-05 10:02:26.960root 11241100x80000000000000006958612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052f70216b5b7e162022-01-05 10:02:26.960root 11241100x80000000000000006958613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af67b32adccbf3872022-01-05 10:02:26.960root 11241100x80000000000000006958614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec13dcc0b71fb91b2022-01-05 10:02:26.960root 11241100x80000000000000006958615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca709ce7eb14ca62022-01-05 10:02:26.960root 11241100x80000000000000006958616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde21ebea96e7e912022-01-05 10:02:26.961root 11241100x80000000000000006958617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1292dee2fa7bfffe2022-01-05 10:02:26.961root 11241100x80000000000000006958618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a311e403ba60d4572022-01-05 10:02:26.961root 11241100x80000000000000006958619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3699b492866cf0a02022-01-05 10:02:26.961root 11241100x80000000000000006958620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d174024aabc3a4f2022-01-05 10:02:27.459root 11241100x80000000000000006958621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cb6adf435885392022-01-05 10:02:27.459root 11241100x80000000000000006958622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57eb618804c6ee822022-01-05 10:02:27.459root 11241100x80000000000000006958623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79d0b88fc1368aa2022-01-05 10:02:27.459root 11241100x80000000000000006958624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3937859cc2bd83f72022-01-05 10:02:27.460root 11241100x80000000000000006958625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf686312446fae742022-01-05 10:02:27.460root 11241100x80000000000000006958626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994d992318a4a0422022-01-05 10:02:27.460root 11241100x80000000000000006958627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1d3c7aebf332712022-01-05 10:02:27.460root 11241100x80000000000000006958628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81163256f6492c762022-01-05 10:02:27.460root 11241100x80000000000000006958629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5319bbc1247dc1a42022-01-05 10:02:27.460root 11241100x80000000000000006958630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a46fb06ba62b722022-01-05 10:02:27.460root 11241100x80000000000000006958631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61454f6067d08c752022-01-05 10:02:27.460root 11241100x80000000000000006958632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6403ac7d65c6d7ff2022-01-05 10:02:27.460root 11241100x80000000000000006958633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1cebacae44578a2022-01-05 10:02:27.460root 11241100x80000000000000006958634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163661ddba19e8ba2022-01-05 10:02:27.959root 11241100x80000000000000006958635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821a60ebf842a81c2022-01-05 10:02:27.960root 11241100x80000000000000006958636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cf49ad7ff3d1fb2022-01-05 10:02:27.960root 11241100x80000000000000006958637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c179011aea0c512022-01-05 10:02:27.960root 11241100x80000000000000006958638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba7a1d7db8c11722022-01-05 10:02:27.960root 11241100x80000000000000006958639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d4e5ae202f993f2022-01-05 10:02:27.961root 11241100x80000000000000006958640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee40086270b0fc72022-01-05 10:02:27.961root 11241100x80000000000000006958641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76418388d93ef9152022-01-05 10:02:27.961root 11241100x80000000000000006958642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897e100995e622ae2022-01-05 10:02:27.961root 11241100x80000000000000006958643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f2f31d1a5274342022-01-05 10:02:27.961root 11241100x80000000000000006958644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1989b09ecf8eab2022-01-05 10:02:27.961root 11241100x80000000000000006958645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9faa385ad7babd32022-01-05 10:02:27.961root 11241100x80000000000000006958646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f6e135f222dfbf2022-01-05 10:02:27.961root 11241100x80000000000000006958647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dad4c36eb72acf2022-01-05 10:02:27.961root 354300x80000000000000006958648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.174{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41708-false10.0.1.12-8000- 11241100x80000000000000006958649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaea36f1dbde8442022-01-05 10:02:28.459root 11241100x80000000000000006958650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e9439e5e29d2992022-01-05 10:02:28.460root 11241100x80000000000000006958651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c233d0524b7228732022-01-05 10:02:28.460root 11241100x80000000000000006958652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd43302bf53943852022-01-05 10:02:28.460root 11241100x80000000000000006958653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849b2962bbe98a672022-01-05 10:02:28.460root 11241100x80000000000000006958654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbc4cfdc3adf3482022-01-05 10:02:28.460root 11241100x80000000000000006958655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c6b3d4b139e6172022-01-05 10:02:28.460root 11241100x80000000000000006958656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b113f233cd1cb9c92022-01-05 10:02:28.460root 11241100x80000000000000006958657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1d783a1e47de7c2022-01-05 10:02:28.460root 11241100x80000000000000006958658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e935288d4fdef62022-01-05 10:02:28.461root 11241100x80000000000000006958659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b267219bdf90362022-01-05 10:02:28.461root 11241100x80000000000000006958660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135d0249bd9272322022-01-05 10:02:28.461root 11241100x80000000000000006958661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bdc7a2958ad1b22022-01-05 10:02:28.461root 11241100x80000000000000006958662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb6041a29b258d82022-01-05 10:02:28.461root 11241100x80000000000000006958663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f321a8caffe5d84c2022-01-05 10:02:28.461root 11241100x80000000000000006958664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221d8b314aaa380b2022-01-05 10:02:28.959root 11241100x80000000000000006958665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd99a5d04cca6552022-01-05 10:02:28.959root 11241100x80000000000000006958666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae1c3ffe9615c3e2022-01-05 10:02:28.959root 11241100x80000000000000006958667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2164ea5d18f837732022-01-05 10:02:28.959root 11241100x80000000000000006958668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1616dcebe6df4be2022-01-05 10:02:28.959root 11241100x80000000000000006958669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfd8df86e4b639d2022-01-05 10:02:28.959root 11241100x80000000000000006958670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec3d0ae0f462c4e2022-01-05 10:02:28.959root 11241100x80000000000000006958671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314e22863af2d51b2022-01-05 10:02:28.960root 11241100x80000000000000006958672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be9dad5251cc75e2022-01-05 10:02:28.960root 11241100x80000000000000006958673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a563b721b27e1d1e2022-01-05 10:02:28.960root 11241100x80000000000000006958674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06d18b8cda3789e2022-01-05 10:02:28.960root 11241100x80000000000000006958675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528cf969210ba5742022-01-05 10:02:28.960root 11241100x80000000000000006958676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054a7848550df02e2022-01-05 10:02:28.960root 11241100x80000000000000006958677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeba6eac5b9f73152022-01-05 10:02:28.960root 11241100x80000000000000006958678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d928893c7bdffd5f2022-01-05 10:02:28.960root 11241100x80000000000000006958679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf15fe9e1779809b2022-01-05 10:02:28.960root 11241100x80000000000000006958680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 10:02:29.221root 11241100x80000000000000006958681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406ce66c50239d132022-01-05 10:02:29.222root 11241100x80000000000000006958682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a654a0cca5980e102022-01-05 10:02:29.222root 11241100x80000000000000006958683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b468c2824c07271a2022-01-05 10:02:29.222root 11241100x80000000000000006958684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c930a1420400692022-01-05 10:02:29.222root 11241100x80000000000000006958685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddbdd20dbe6bfbe2022-01-05 10:02:29.222root 11241100x80000000000000006958686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b270c6187150a4ca2022-01-05 10:02:29.223root 11241100x80000000000000006958687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1e07c95e31f8de2022-01-05 10:02:29.223root 11241100x80000000000000006958688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d04ce6873a92bd72022-01-05 10:02:29.223root 11241100x80000000000000006958689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e8aa6efe49d9ff2022-01-05 10:02:29.224root 11241100x80000000000000006958690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813ea6fcd6460c032022-01-05 10:02:29.224root 11241100x80000000000000006958691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618b044a3bd4556f2022-01-05 10:02:29.224root 11241100x80000000000000006958692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa9cc65c221687d2022-01-05 10:02:29.224root 11241100x80000000000000006958693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56f335fc666ad282022-01-05 10:02:29.224root 11241100x80000000000000006958694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911d3fc8ded60a0b2022-01-05 10:02:29.226root 11241100x80000000000000006958695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab25dfc08ce97b82022-01-05 10:02:29.226root 11241100x80000000000000006958696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ffe02f69ba97732022-01-05 10:02:29.226root 11241100x80000000000000006958697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0688536c3752720b2022-01-05 10:02:29.226root 11241100x80000000000000006958698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3944221808bbc8012022-01-05 10:02:29.226root 11241100x80000000000000006958699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fabddaf6401cc02022-01-05 10:02:29.227root 11241100x80000000000000006958700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c2479dc09fd5b42022-01-05 10:02:29.227root 11241100x80000000000000006958701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c758f869eb9a16b62022-01-05 10:02:29.227root 11241100x80000000000000006958702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f27dcc1e28b36d2022-01-05 10:02:29.227root 11241100x80000000000000006958703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c8381d8165ba0d2022-01-05 10:02:29.709root 11241100x80000000000000006958704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bdca8547f3b4372022-01-05 10:02:29.710root 11241100x80000000000000006958705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75624f2f7ff182a12022-01-05 10:02:29.710root 11241100x80000000000000006958706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fe59fae6c1fb502022-01-05 10:02:29.710root 11241100x80000000000000006958707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea3c860024451c32022-01-05 10:02:29.710root 11241100x80000000000000006958708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d737b17f14bb7b2022-01-05 10:02:29.711root 11241100x80000000000000006958709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd998a58686d5c282022-01-05 10:02:29.711root 11241100x80000000000000006958710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce030c1e4e1aa322022-01-05 10:02:29.711root 11241100x80000000000000006958711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc61740d5a799d352022-01-05 10:02:29.711root 11241100x80000000000000006958712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5f3884ebfd6b812022-01-05 10:02:29.712root 11241100x80000000000000006958713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1883497132345452022-01-05 10:02:29.712root 11241100x80000000000000006958714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e193a80aae55a41e2022-01-05 10:02:29.712root 11241100x80000000000000006958715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10a0f80ad3e70972022-01-05 10:02:29.712root 11241100x80000000000000006958716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128f43bb11962e3e2022-01-05 10:02:29.713root 11241100x80000000000000006958717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe278436940a1de2022-01-05 10:02:29.713root 11241100x80000000000000006958718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6f9c749441230a2022-01-05 10:02:29.713root 11241100x80000000000000006958719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c7055c68cd02472022-01-05 10:02:30.209root 11241100x80000000000000006958720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cb19a188cc0db82022-01-05 10:02:30.210root 11241100x80000000000000006958721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85bceb0bdd2ed442022-01-05 10:02:30.210root 11241100x80000000000000006958722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938c21c41aefbc1b2022-01-05 10:02:30.210root 11241100x80000000000000006958723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bff9b6e48075272022-01-05 10:02:30.210root 11241100x80000000000000006958724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b1a4d789d15dc02022-01-05 10:02:30.210root 11241100x80000000000000006958725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1518789005b06eea2022-01-05 10:02:30.210root 11241100x80000000000000006958726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624b9ae31568c6b42022-01-05 10:02:30.210root 11241100x80000000000000006958727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf63806d100dee22022-01-05 10:02:30.210root 11241100x80000000000000006958728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0b6c66aba07d402022-01-05 10:02:30.210root 11241100x80000000000000006958729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8657eb9345e2c8522022-01-05 10:02:30.210root 11241100x80000000000000006958730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31f3fbde8477fcd2022-01-05 10:02:30.210root 11241100x80000000000000006958731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f89309cb8b9e322022-01-05 10:02:30.210root 11241100x80000000000000006958732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed416dc0b05d5f6a2022-01-05 10:02:30.210root 11241100x80000000000000006958733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472352647a4125ed2022-01-05 10:02:30.211root 11241100x80000000000000006958734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9106149366643df42022-01-05 10:02:30.211root 11241100x80000000000000006958735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f617dd2b456238f2022-01-05 10:02:30.709root 11241100x80000000000000006958736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3169b957a7857f572022-01-05 10:02:30.709root 11241100x80000000000000006958737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e685b8b59829092022-01-05 10:02:30.709root 11241100x80000000000000006958738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db122b490ebafb272022-01-05 10:02:30.710root 11241100x80000000000000006958739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b481e14601dff322022-01-05 10:02:30.710root 11241100x80000000000000006958740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44422245375f13b02022-01-05 10:02:30.710root 11241100x80000000000000006958741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219d4f8d6a2b84272022-01-05 10:02:30.710root 11241100x80000000000000006958742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4a0e2a1823e0cb2022-01-05 10:02:30.710root 11241100x80000000000000006958743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76c607628ff04d32022-01-05 10:02:30.711root 11241100x80000000000000006958744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edb5636adcb120a2022-01-05 10:02:30.711root 11241100x80000000000000006958745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf8a34836484ceb2022-01-05 10:02:30.711root 11241100x80000000000000006958746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dc9f3df18ae3cb2022-01-05 10:02:30.711root 11241100x80000000000000006958747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25109faa5f1922412022-01-05 10:02:30.711root 11241100x80000000000000006958748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c240253eb227f10a2022-01-05 10:02:30.711root 11241100x80000000000000006958749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810cbca93a87afbc2022-01-05 10:02:30.712root 11241100x80000000000000006958750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:30.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20691151b01d21682022-01-05 10:02:30.715root 11241100x80000000000000006958751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd46899266ae6b32022-01-05 10:02:31.209root 11241100x80000000000000006958752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835635281c8857bd2022-01-05 10:02:31.210root 11241100x80000000000000006958753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f31a0b63f04dd0e2022-01-05 10:02:31.210root 11241100x80000000000000006958754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6f313dc77727bd2022-01-05 10:02:31.210root 11241100x80000000000000006958755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53d7fbebc80048f2022-01-05 10:02:31.210root 11241100x80000000000000006958756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf6ca1599506d092022-01-05 10:02:31.210root 11241100x80000000000000006958757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d645537e067ff8fb2022-01-05 10:02:31.211root 11241100x80000000000000006958758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc27802f807f3d22022-01-05 10:02:31.211root 11241100x80000000000000006958759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1a92ad80855f6a2022-01-05 10:02:31.211root 11241100x80000000000000006958760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac864ab826bbcf12022-01-05 10:02:31.211root 11241100x80000000000000006958761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3074d234fddba22022-01-05 10:02:31.211root 11241100x80000000000000006958762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee13afe328bc4c82022-01-05 10:02:31.211root 11241100x80000000000000006958763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51679234547eb08c2022-01-05 10:02:31.212root 11241100x80000000000000006958764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fa893ec38684522022-01-05 10:02:31.212root 11241100x80000000000000006958765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4b511b010c155c2022-01-05 10:02:31.212root 11241100x80000000000000006958766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d24c7afaf670eb2022-01-05 10:02:31.213root 11241100x80000000000000006958767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971ef586ccefabc42022-01-05 10:02:31.709root 11241100x80000000000000006958768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd8ffa7620e960a2022-01-05 10:02:31.709root 11241100x80000000000000006958769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826b8e2964c54ab72022-01-05 10:02:31.710root 11241100x80000000000000006958770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc945a5d86ba0202022-01-05 10:02:31.710root 11241100x80000000000000006958771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a2c350120c5f382022-01-05 10:02:31.710root 11241100x80000000000000006958772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1b2489422c149c2022-01-05 10:02:31.710root 11241100x80000000000000006958773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed11476f7fd166b2022-01-05 10:02:31.710root 11241100x80000000000000006958774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3e2892afe0d8332022-01-05 10:02:31.710root 11241100x80000000000000006958775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f845c2150d7ef082022-01-05 10:02:31.711root 11241100x80000000000000006958776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b432c434b2ea082022-01-05 10:02:31.711root 11241100x80000000000000006958777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae9a3a319e61a872022-01-05 10:02:31.711root 11241100x80000000000000006958778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dd23f56efa699f2022-01-05 10:02:31.711root 11241100x80000000000000006958779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37fc3f0b6bfd8cf2022-01-05 10:02:31.711root 11241100x80000000000000006958780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c58ad8dd1e710a2022-01-05 10:02:31.711root 11241100x80000000000000006958781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3c9dcfec84aff12022-01-05 10:02:31.711root 11241100x80000000000000006958782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a359941fc45491d2022-01-05 10:02:31.711root 11241100x80000000000000006958783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ec344e87b335622022-01-05 10:02:32.209root 11241100x80000000000000006958784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c40ca4040ee71a82022-01-05 10:02:32.210root 11241100x80000000000000006958785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e452c92dcbfd3852022-01-05 10:02:32.210root 11241100x80000000000000006958786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b447d4ed5a8682f2022-01-05 10:02:32.210root 11241100x80000000000000006958787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7813b46b2689d38a2022-01-05 10:02:32.210root 11241100x80000000000000006958788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cebd2490eeb553e2022-01-05 10:02:32.210root 11241100x80000000000000006958789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44be092c620e997f2022-01-05 10:02:32.210root 11241100x80000000000000006958790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf688dbeda5bc822022-01-05 10:02:32.210root 11241100x80000000000000006958791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56918a2627910b92022-01-05 10:02:32.210root 11241100x80000000000000006958792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c38769a278c20402022-01-05 10:02:32.210root 11241100x80000000000000006958793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120e9678814fe9ea2022-01-05 10:02:32.210root 11241100x80000000000000006958794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764781745ac9531b2022-01-05 10:02:32.210root 11241100x80000000000000006958795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c98d2d6add7e2e42022-01-05 10:02:32.210root 11241100x80000000000000006958796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36685aa187e825582022-01-05 10:02:32.210root 11241100x80000000000000006958797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7ef621203e32ad2022-01-05 10:02:32.211root 11241100x80000000000000006958798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b347cd1cf488f2d02022-01-05 10:02:32.211root 23542300x80000000000000006958799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.222{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006958800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f30a94c368e1fc2022-01-05 10:02:32.709root 11241100x80000000000000006958801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc6112f59383dd72022-01-05 10:02:32.709root 11241100x80000000000000006958802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c90cb5de72574f52022-01-05 10:02:32.710root 11241100x80000000000000006958803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8f6f3782ce1b252022-01-05 10:02:32.710root 11241100x80000000000000006958804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9ac96c37949aa82022-01-05 10:02:32.710root 11241100x80000000000000006958805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c27e650c6986b5c2022-01-05 10:02:32.710root 11241100x80000000000000006958806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b05a18542843b52022-01-05 10:02:32.710root 11241100x80000000000000006958807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2209485317aa8aec2022-01-05 10:02:32.710root 11241100x80000000000000006958808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527e5e0363f468f22022-01-05 10:02:32.710root 11241100x80000000000000006958809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c5d7fb4b17f7892022-01-05 10:02:32.710root 11241100x80000000000000006958810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b906eaf38cea9afb2022-01-05 10:02:32.710root 11241100x80000000000000006958811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f8ef88fa93fd642022-01-05 10:02:32.710root 11241100x80000000000000006958812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4861eeb8b148a2d72022-01-05 10:02:32.710root 11241100x80000000000000006958813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934702cae02327b12022-01-05 10:02:32.710root 11241100x80000000000000006958814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e70827d579eb9c82022-01-05 10:02:32.710root 11241100x80000000000000006958815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df08144f49a8474f2022-01-05 10:02:32.710root 11241100x80000000000000006958816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b4864deeb5a4bf2022-01-05 10:02:32.710root 11241100x80000000000000006958817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdf8a308d1566972022-01-05 10:02:33.210root 11241100x80000000000000006958818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d57c680bf59a2702022-01-05 10:02:33.210root 11241100x80000000000000006958819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364a68dfd81a25c22022-01-05 10:02:33.210root 11241100x80000000000000006958820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ae4efa6705685e2022-01-05 10:02:33.210root 11241100x80000000000000006958821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf0af31c3e353422022-01-05 10:02:33.210root 11241100x80000000000000006958822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b519d4fd56046a2022-01-05 10:02:33.210root 11241100x80000000000000006958823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b5dc80e4d490d42022-01-05 10:02:33.210root 11241100x80000000000000006958824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495af579ce24c5e32022-01-05 10:02:33.210root 11241100x80000000000000006958825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8986c6975f755cb82022-01-05 10:02:33.210root 11241100x80000000000000006958826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8237178b5a6ec8ef2022-01-05 10:02:33.210root 11241100x80000000000000006958827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebd035521d4725e2022-01-05 10:02:33.210root 11241100x80000000000000006958828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390c4e29e025a2532022-01-05 10:02:33.211root 11241100x80000000000000006958829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d117812fb6174e2022-01-05 10:02:33.211root 11241100x80000000000000006958830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c9ba218f5924d12022-01-05 10:02:33.211root 11241100x80000000000000006958831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7c7937344f40dd2022-01-05 10:02:33.211root 11241100x80000000000000006958832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d5ec91755516db2022-01-05 10:02:33.211root 11241100x80000000000000006958833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3427c2fed0589bfb2022-01-05 10:02:33.211root 11241100x80000000000000006958834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebdb9dd3ce837ae2022-01-05 10:02:33.709root 11241100x80000000000000006958835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361f8a113f2c5d092022-01-05 10:02:33.709root 11241100x80000000000000006958836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502709ffeb6a4ad02022-01-05 10:02:33.710root 11241100x80000000000000006958837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edc2742848a69f52022-01-05 10:02:33.710root 11241100x80000000000000006958838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f099bba22dd3e32022-01-05 10:02:33.710root 11241100x80000000000000006958839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954d11bd6c4a46442022-01-05 10:02:33.710root 11241100x80000000000000006958840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbae82391f9bbad2022-01-05 10:02:33.710root 11241100x80000000000000006958841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97a8f95d57710f82022-01-05 10:02:33.710root 11241100x80000000000000006958842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a886cac68bb95172022-01-05 10:02:33.710root 11241100x80000000000000006958843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45baf0e869a9af8c2022-01-05 10:02:33.710root 11241100x80000000000000006958844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041d84e401fc49062022-01-05 10:02:33.710root 11241100x80000000000000006958845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97f3fe9334ccdf62022-01-05 10:02:33.710root 11241100x80000000000000006958846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb2a2c9bc6d91962022-01-05 10:02:33.710root 11241100x80000000000000006958847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0ab365fec77ca92022-01-05 10:02:33.711root 11241100x80000000000000006958848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b7046a44ade5b22022-01-05 10:02:33.711root 11241100x80000000000000006958849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b23c22a305e98f12022-01-05 10:02:33.711root 11241100x80000000000000006958850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e158f31ca4eac52022-01-05 10:02:33.711root 354300x80000000000000006958851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:33.728{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42190-false10.0.1.12-8089- 354300x80000000000000006958852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.053{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41712-false10.0.1.12-8000- 11241100x80000000000000006958853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07dfa100dbd68582022-01-05 10:02:34.054root 11241100x80000000000000006958854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b492eab1bfdf362022-01-05 10:02:34.054root 11241100x80000000000000006958855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba582b015fb3301f2022-01-05 10:02:34.054root 11241100x80000000000000006958856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe097822ba9583382022-01-05 10:02:34.055root 11241100x80000000000000006958857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65037d89b61f2ba32022-01-05 10:02:34.055root 11241100x80000000000000006958858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9e5e60f9ac65ab2022-01-05 10:02:34.055root 11241100x80000000000000006958859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a30a17a28e3dfc2022-01-05 10:02:34.055root 11241100x80000000000000006958860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b454dfd0f894f92022-01-05 10:02:34.055root 11241100x80000000000000006958861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d332f64dae432792022-01-05 10:02:34.055root 11241100x80000000000000006958862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c565204cd85f6d5c2022-01-05 10:02:34.055root 11241100x80000000000000006958863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d0126edb81384b2022-01-05 10:02:34.055root 11241100x80000000000000006958864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6facacb5b4dfbff52022-01-05 10:02:34.055root 11241100x80000000000000006958865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e06ec82d64d6b12022-01-05 10:02:34.056root 11241100x80000000000000006958866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9470fb5dcdf64062022-01-05 10:02:34.056root 11241100x80000000000000006958867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d02aaf9707c41402022-01-05 10:02:34.056root 11241100x80000000000000006958868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303c1c4c2aa9abc32022-01-05 10:02:34.056root 11241100x80000000000000006958869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c666d8849a8bd32d2022-01-05 10:02:34.056root 11241100x80000000000000006958870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046d34e0bde496b92022-01-05 10:02:34.056root 11241100x80000000000000006958871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaeb2aa2e4dbec22022-01-05 10:02:34.056root 11241100x80000000000000006958872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54623722d3a4cca12022-01-05 10:02:34.056root 11241100x80000000000000006958873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13cc97606b68bc32022-01-05 10:02:34.056root 11241100x80000000000000006958874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434a7bd55bf38cda2022-01-05 10:02:34.056root 11241100x80000000000000006958875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402e5c49fe4351d82022-01-05 10:02:34.056root 11241100x80000000000000006958876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.057{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf77b73a45eae8f92022-01-05 10:02:34.057root 11241100x80000000000000006958877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.057{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d19fed6c108a6d2022-01-05 10:02:34.057root 11241100x80000000000000006958878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646a41402ccd01732022-01-05 10:02:34.459root 11241100x80000000000000006958879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55935622c284e08f2022-01-05 10:02:34.459root 11241100x80000000000000006958880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3080a157dd6dcd2022-01-05 10:02:34.459root 11241100x80000000000000006958881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7633b52c9a84119f2022-01-05 10:02:34.459root 11241100x80000000000000006958882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3b06e2f31d954f2022-01-05 10:02:34.459root 11241100x80000000000000006958883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fdfe62c579df902022-01-05 10:02:34.459root 11241100x80000000000000006958884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6478c38f3a1f7bd2022-01-05 10:02:34.459root 11241100x80000000000000006958885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cd32431a7d9c9d2022-01-05 10:02:34.459root 11241100x80000000000000006958886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2228f5f8e4382d82022-01-05 10:02:34.460root 11241100x80000000000000006958887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a27630b6d50d3d2022-01-05 10:02:34.460root 11241100x80000000000000006958888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ffd293e3e52cb42022-01-05 10:02:34.460root 11241100x80000000000000006958889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417bc6fed81febe72022-01-05 10:02:34.460root 11241100x80000000000000006958890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7a20b81868f9692022-01-05 10:02:34.460root 11241100x80000000000000006958891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7cd8bfc2dfed482022-01-05 10:02:34.460root 11241100x80000000000000006958892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3030bc8bd978f70d2022-01-05 10:02:34.460root 11241100x80000000000000006958893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268c9e9c1340a3872022-01-05 10:02:34.460root 11241100x80000000000000006958894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b000aabba0d7e22022-01-05 10:02:34.460root 11241100x80000000000000006958895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb77c3aef5b83012022-01-05 10:02:34.460root 11241100x80000000000000006958896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b669bf33ae0f81e2022-01-05 10:02:34.460root 11241100x80000000000000006958897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d012786fc6753d2022-01-05 10:02:34.959root 11241100x80000000000000006958898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c6068c74b9c7e32022-01-05 10:02:34.960root 11241100x80000000000000006958899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cdc5fc4816c0032022-01-05 10:02:34.960root 11241100x80000000000000006958900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b28ac91bbf1b6d2022-01-05 10:02:34.960root 11241100x80000000000000006958901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cc7ef6e395504a2022-01-05 10:02:34.960root 11241100x80000000000000006958902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdd27c82c2ccdd12022-01-05 10:02:34.960root 11241100x80000000000000006958903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca359284bdf8db582022-01-05 10:02:34.960root 11241100x80000000000000006958904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5570e6b22ab646a2022-01-05 10:02:34.960root 11241100x80000000000000006958905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09deefa32b52438f2022-01-05 10:02:34.960root 11241100x80000000000000006958906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad31a93c1be6d4952022-01-05 10:02:34.960root 11241100x80000000000000006958907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d3d7fd21b6d4c42022-01-05 10:02:34.960root 11241100x80000000000000006958908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ed3323f91582d92022-01-05 10:02:34.960root 11241100x80000000000000006958909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bda2f56ea26f432022-01-05 10:02:34.960root 11241100x80000000000000006958910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22becb5bc223f26e2022-01-05 10:02:34.960root 11241100x80000000000000006958911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4accf6e2110a4332022-01-05 10:02:34.960root 11241100x80000000000000006958912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def4f791dd74dfde2022-01-05 10:02:34.961root 11241100x80000000000000006958913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c075dfbc14f4fa162022-01-05 10:02:34.961root 11241100x80000000000000006958914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf647cb203e8e37f2022-01-05 10:02:34.961root 11241100x80000000000000006958915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a7561bbb7d6ac92022-01-05 10:02:34.961root 11241100x80000000000000006958916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fc0de297e68ea72022-01-05 10:02:35.460root 11241100x80000000000000006958917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec672a259eb1d58d2022-01-05 10:02:35.460root 11241100x80000000000000006958918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb47462e10931fd2022-01-05 10:02:35.460root 11241100x80000000000000006958919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aa08cc17df72672022-01-05 10:02:35.460root 11241100x80000000000000006958920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574e7885960629692022-01-05 10:02:35.460root 11241100x80000000000000006958921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06e7df15111a5a12022-01-05 10:02:35.460root 11241100x80000000000000006958922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898a1ce62eaed1102022-01-05 10:02:35.460root 11241100x80000000000000006958923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f7e0c5aa2c49e62022-01-05 10:02:35.460root 11241100x80000000000000006958924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d116402935f6722022-01-05 10:02:35.460root 11241100x80000000000000006958925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde64816606102fb2022-01-05 10:02:35.460root 11241100x80000000000000006958926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca2f35984cd84af2022-01-05 10:02:35.461root 11241100x80000000000000006958927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07d8a51ec5e2af32022-01-05 10:02:35.461root 11241100x80000000000000006958928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced3cfcc5117569c2022-01-05 10:02:35.461root 11241100x80000000000000006958929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f749ef8b42e12b2022-01-05 10:02:35.461root 11241100x80000000000000006958930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a6610c97303eda2022-01-05 10:02:35.461root 11241100x80000000000000006958931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dead330cafe16a2022-01-05 10:02:35.461root 11241100x80000000000000006958932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3696930d28b914f2022-01-05 10:02:35.461root 11241100x80000000000000006958933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9cf6a1e5cc01e52022-01-05 10:02:35.461root 11241100x80000000000000006958934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f10a4392dbeaae12022-01-05 10:02:35.461root 11241100x80000000000000006958935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61da81d55dfe21d62022-01-05 10:02:35.960root 11241100x80000000000000006958936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eda19fbd071432c2022-01-05 10:02:35.960root 11241100x80000000000000006958937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84496971b33841a2022-01-05 10:02:35.960root 11241100x80000000000000006958938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7ac1aadd50b1a02022-01-05 10:02:35.960root 11241100x80000000000000006958939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4330bb20fbcdebc2022-01-05 10:02:35.960root 11241100x80000000000000006958940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e512cb0dc7805df12022-01-05 10:02:35.960root 11241100x80000000000000006958941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4badb6e4436b73642022-01-05 10:02:35.960root 11241100x80000000000000006958942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e7bacaf806bd4e2022-01-05 10:02:35.960root 11241100x80000000000000006958943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba58e0e9026f44822022-01-05 10:02:35.960root 11241100x80000000000000006958944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729d349e247dce342022-01-05 10:02:35.960root 11241100x80000000000000006958945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5767aaee2ec4372022-01-05 10:02:35.960root 11241100x80000000000000006958946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4466b3cf082a052b2022-01-05 10:02:35.960root 11241100x80000000000000006958947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f8e7773c47e39b2022-01-05 10:02:35.961root 11241100x80000000000000006958948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4c5cbea8fcf9392022-01-05 10:02:35.961root 11241100x80000000000000006958949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155edfced0b9f5222022-01-05 10:02:35.961root 11241100x80000000000000006958950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339a93a89a2fbaf82022-01-05 10:02:35.961root 11241100x80000000000000006958951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002bcb109564a7e92022-01-05 10:02:35.961root 11241100x80000000000000006958952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a37f2fc4b54fbe2022-01-05 10:02:35.961root 11241100x80000000000000006958953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a83c85b72db2c12022-01-05 10:02:35.961root 11241100x80000000000000006958954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce55a719cc3fe32d2022-01-05 10:02:36.460root 11241100x80000000000000006958955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0865e0d9c05ad21a2022-01-05 10:02:36.460root 11241100x80000000000000006958956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de0ba787861b9702022-01-05 10:02:36.460root 11241100x80000000000000006958957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ab6e46880c8d012022-01-05 10:02:36.460root 11241100x80000000000000006958958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76757f90348574b2022-01-05 10:02:36.460root 11241100x80000000000000006958959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8ef039a70757cc2022-01-05 10:02:36.460root 11241100x80000000000000006958960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb3deeed7b69a4b2022-01-05 10:02:36.460root 11241100x80000000000000006958961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f8d09dae5ef7742022-01-05 10:02:36.460root 11241100x80000000000000006958962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787e87ec46b996982022-01-05 10:02:36.460root 11241100x80000000000000006958963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b24211235a603942022-01-05 10:02:36.460root 11241100x80000000000000006958964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e57c9018116c7132022-01-05 10:02:36.460root 11241100x80000000000000006958965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455f2eb7a09025a12022-01-05 10:02:36.460root 11241100x80000000000000006958966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530d536b8c2afa512022-01-05 10:02:36.460root 11241100x80000000000000006958967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368a3afc19eac1112022-01-05 10:02:36.461root 11241100x80000000000000006958968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb97cd7abb2c52202022-01-05 10:02:36.461root 11241100x80000000000000006958969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f1452a06b790202022-01-05 10:02:36.461root 11241100x80000000000000006958970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e240d42bf404692022-01-05 10:02:36.461root 11241100x80000000000000006958971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbea6a35f2a0b092022-01-05 10:02:36.461root 11241100x80000000000000006958972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee54b945e061c36b2022-01-05 10:02:36.461root 11241100x80000000000000006958973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9684d683efb0cc32022-01-05 10:02:36.960root 11241100x80000000000000006958974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be416bdbf5ecb712022-01-05 10:02:36.960root 11241100x80000000000000006958975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe0e76bb265f1772022-01-05 10:02:36.960root 11241100x80000000000000006958976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea9f92a61b2e0512022-01-05 10:02:36.960root 11241100x80000000000000006958977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf3d0cc8de3c43c2022-01-05 10:02:36.960root 11241100x80000000000000006958978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19968e6cd88d0632022-01-05 10:02:36.960root 11241100x80000000000000006958979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e569e9cf632f71df2022-01-05 10:02:36.960root 11241100x80000000000000006958980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b711297403ed932022-01-05 10:02:36.960root 11241100x80000000000000006958981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9756a6ec0cd99c312022-01-05 10:02:36.960root 11241100x80000000000000006958982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65abe1e3f07af4e42022-01-05 10:02:36.960root 11241100x80000000000000006958983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af0f33767168b3b2022-01-05 10:02:36.960root 11241100x80000000000000006958984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f4aa4f6dd260c62022-01-05 10:02:36.961root 11241100x80000000000000006958985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3d14e035393e9b2022-01-05 10:02:36.961root 11241100x80000000000000006958986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dbb8857c0ec1a32022-01-05 10:02:36.961root 11241100x80000000000000006958987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f77190a4ae86b32022-01-05 10:02:36.961root 11241100x80000000000000006958988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b2c9966d21b4a12022-01-05 10:02:36.961root 11241100x80000000000000006958989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863654f2fca7c2e82022-01-05 10:02:36.961root 11241100x80000000000000006958990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c5d9e34ec394512022-01-05 10:02:36.961root 11241100x80000000000000006958991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed5d82dedeedc6a2022-01-05 10:02:36.961root 11241100x80000000000000006958992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961dde3ca768603b2022-01-05 10:02:37.460root 11241100x80000000000000006958993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382d39f500b8eced2022-01-05 10:02:37.460root 11241100x80000000000000006958994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b98c9c10751237e2022-01-05 10:02:37.460root 11241100x80000000000000006958995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d12ebe051c33362022-01-05 10:02:37.460root 11241100x80000000000000006958996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee3007a7d0a426c2022-01-05 10:02:37.460root 11241100x80000000000000006958997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f525db839bb385b2022-01-05 10:02:37.460root 11241100x80000000000000006958998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc37d07368eca2f52022-01-05 10:02:37.460root 11241100x80000000000000006958999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73c993549d6efb72022-01-05 10:02:37.460root 11241100x80000000000000006959000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd127d77ddfbce92022-01-05 10:02:37.460root 11241100x80000000000000006959001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2ed0f3b3a602012022-01-05 10:02:37.460root 11241100x80000000000000006959002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0bf234dbf6b0cb2022-01-05 10:02:37.460root 11241100x80000000000000006959003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d35601151f1f1582022-01-05 10:02:37.460root 11241100x80000000000000006959004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad46e5904808f792022-01-05 10:02:37.460root 11241100x80000000000000006959005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813ba6bc4b0f7bf32022-01-05 10:02:37.461root 11241100x80000000000000006959006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330924d8e4e977012022-01-05 10:02:37.461root 11241100x80000000000000006959007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dcd0d5f282359e2022-01-05 10:02:37.461root 11241100x80000000000000006959008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e49aab1062071572022-01-05 10:02:37.461root 11241100x80000000000000006959009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fc8c25b0b629712022-01-05 10:02:37.461root 11241100x80000000000000006959010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d385c77ee0e9672a2022-01-05 10:02:37.461root 11241100x80000000000000006959011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1cac7bf9e7720f2022-01-05 10:02:37.960root 11241100x80000000000000006959012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba628b2bd7f96822022-01-05 10:02:37.960root 11241100x80000000000000006959013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d783434f403e962022-01-05 10:02:37.960root 11241100x80000000000000006959014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662bb22a43512d0a2022-01-05 10:02:37.960root 11241100x80000000000000006959015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d8e8bda80524532022-01-05 10:02:37.960root 11241100x80000000000000006959016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4fce831c3fb0032022-01-05 10:02:37.960root 11241100x80000000000000006959017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67690e83401a3dd2022-01-05 10:02:37.960root 11241100x80000000000000006959018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea1efa2713f82d42022-01-05 10:02:37.960root 11241100x80000000000000006959019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19137dca43e5cf572022-01-05 10:02:37.961root 11241100x80000000000000006959020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2989267848f981672022-01-05 10:02:37.961root 11241100x80000000000000006959021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205374f54a2194de2022-01-05 10:02:37.961root 11241100x80000000000000006959022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737277f2cfd7bdc32022-01-05 10:02:37.961root 11241100x80000000000000006959023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4027033f372ce1d62022-01-05 10:02:37.961root 11241100x80000000000000006959024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbeca35c84c5a612022-01-05 10:02:37.961root 11241100x80000000000000006959025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8e754f8324eae32022-01-05 10:02:37.961root 11241100x80000000000000006959026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4fc2cf482099462022-01-05 10:02:37.962root 11241100x80000000000000006959027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf771d9397cbe752022-01-05 10:02:37.962root 11241100x80000000000000006959028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dc1c3e9f971da82022-01-05 10:02:37.962root 11241100x80000000000000006959029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7ceda1385bb6ec2022-01-05 10:02:37.962root 11241100x80000000000000006959030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91d8753f50ae2032022-01-05 10:02:38.460root 11241100x80000000000000006959031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93eea5c46d702f562022-01-05 10:02:38.460root 11241100x80000000000000006959032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c97cb0703baa5be2022-01-05 10:02:38.460root 11241100x80000000000000006959033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d286af637b562c2022-01-05 10:02:38.460root 11241100x80000000000000006959034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5fe1f4f0b06f852022-01-05 10:02:38.460root 11241100x80000000000000006959035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5339e0244b5a53292022-01-05 10:02:38.460root 11241100x80000000000000006959036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfdc3ff3c7f29572022-01-05 10:02:38.460root 11241100x80000000000000006959037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdc5072c2be25632022-01-05 10:02:38.460root 11241100x80000000000000006959038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fede878329be37e2022-01-05 10:02:38.460root 11241100x80000000000000006959039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e09458c54f82c622022-01-05 10:02:38.460root 11241100x80000000000000006959040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807874366689f0402022-01-05 10:02:38.460root 11241100x80000000000000006959041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99475e728f2742d2022-01-05 10:02:38.460root 11241100x80000000000000006959042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8202f7df987cc26c2022-01-05 10:02:38.460root 11241100x80000000000000006959043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51357ff59e4e9d72022-01-05 10:02:38.460root 11241100x80000000000000006959044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35026fe24a9121b2022-01-05 10:02:38.461root 11241100x80000000000000006959045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b836f9762d5a0e62022-01-05 10:02:38.461root 11241100x80000000000000006959046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feb3de8d1d384462022-01-05 10:02:38.461root 11241100x80000000000000006959047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2a601951ad95162022-01-05 10:02:38.461root 11241100x80000000000000006959048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa2ab2e04299a7e2022-01-05 10:02:38.461root 11241100x80000000000000006959049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df463149e1ad288b2022-01-05 10:02:38.960root 11241100x80000000000000006959050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c6f1d0a68a2cda2022-01-05 10:02:38.960root 11241100x80000000000000006959051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0cffc6c1ab7f5e2022-01-05 10:02:38.960root 11241100x80000000000000006959052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d321fb5e82917a6b2022-01-05 10:02:38.960root 11241100x80000000000000006959053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302e261e3199f62d2022-01-05 10:02:38.960root 11241100x80000000000000006959054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741ee5340f35407f2022-01-05 10:02:38.960root 11241100x80000000000000006959055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84b7577d02804c92022-01-05 10:02:38.960root 11241100x80000000000000006959056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4c874865692cc92022-01-05 10:02:38.961root 11241100x80000000000000006959057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042a703e3d04991e2022-01-05 10:02:38.961root 11241100x80000000000000006959058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765883f74ee93ed52022-01-05 10:02:38.961root 11241100x80000000000000006959059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0bf7e04b06b8d42022-01-05 10:02:38.961root 11241100x80000000000000006959060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c753a4cfca029f32022-01-05 10:02:38.961root 11241100x80000000000000006959061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbb5ee3e95bf5492022-01-05 10:02:38.961root 11241100x80000000000000006959062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d283d5c26fe5d02022-01-05 10:02:38.961root 11241100x80000000000000006959063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9aef057e716e2a2022-01-05 10:02:38.962root 11241100x80000000000000006959064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee1f90ad110384a2022-01-05 10:02:38.962root 11241100x80000000000000006959065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94feac920da2cdf92022-01-05 10:02:38.962root 11241100x80000000000000006959066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564935678060cd4b2022-01-05 10:02:38.962root 11241100x80000000000000006959067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113fe1237559ce882022-01-05 10:02:38.963root 354300x80000000000000006959068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.235{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41714-false10.0.1.12-8000- 11241100x80000000000000006959069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccee785dc22e8ec52022-01-05 10:02:39.235root 11241100x80000000000000006959070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66a3dd3636876fd2022-01-05 10:02:39.236root 11241100x80000000000000006959071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9ff8179ed562932022-01-05 10:02:39.236root 11241100x80000000000000006959072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4351e47897a11e2022-01-05 10:02:39.236root 11241100x80000000000000006959073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377c2312aa6a10ea2022-01-05 10:02:39.236root 11241100x80000000000000006959074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2932e218bfd610af2022-01-05 10:02:39.236root 11241100x80000000000000006959075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7076751c6e146aa2022-01-05 10:02:39.236root 11241100x80000000000000006959076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd341a507233a392022-01-05 10:02:39.237root 11241100x80000000000000006959077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6891dc24d5602742022-01-05 10:02:39.237root 11241100x80000000000000006959078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bef05840a9f326b2022-01-05 10:02:39.237root 11241100x80000000000000006959079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74b84c10c859edd2022-01-05 10:02:39.237root 11241100x80000000000000006959080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16314025f024f4e2022-01-05 10:02:39.237root 11241100x80000000000000006959081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcb97006b192eea2022-01-05 10:02:39.237root 11241100x80000000000000006959082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab28dbe63e547e3c2022-01-05 10:02:39.237root 11241100x80000000000000006959083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281a4579161eb0da2022-01-05 10:02:39.237root 11241100x80000000000000006959084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e26c79265f865eb2022-01-05 10:02:39.237root 11241100x80000000000000006959085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ff8bf41bfeedb82022-01-05 10:02:39.237root 11241100x80000000000000006959086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07722e16016a2a22022-01-05 10:02:39.237root 11241100x80000000000000006959087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b206ae89f0abcf792022-01-05 10:02:39.237root 11241100x80000000000000006959088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb14b985459f52d2022-01-05 10:02:39.237root 11241100x80000000000000006959089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf38c6f34152ea82022-01-05 10:02:39.237root 11241100x80000000000000006959090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba74b92283b57bad2022-01-05 10:02:39.238root 11241100x80000000000000006959091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97450c640792814b2022-01-05 10:02:39.238root 11241100x80000000000000006959092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92d3e3434f4818f2022-01-05 10:02:39.238root 11241100x80000000000000006959093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e073e06872089b362022-01-05 10:02:39.709root 11241100x80000000000000006959094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2df0ea3bcd4ea92022-01-05 10:02:39.709root 11241100x80000000000000006959095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db854ef210b541f2022-01-05 10:02:39.709root 11241100x80000000000000006959096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7f3c907088c2972022-01-05 10:02:39.710root 11241100x80000000000000006959097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3177004bb75b5b92022-01-05 10:02:39.710root 11241100x80000000000000006959098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db60512ef76fc872022-01-05 10:02:39.710root 11241100x80000000000000006959099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb47691270c24e92022-01-05 10:02:39.710root 11241100x80000000000000006959100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2107a09e529ae1ab2022-01-05 10:02:39.710root 11241100x80000000000000006959101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8e4988a53038132022-01-05 10:02:39.710root 11241100x80000000000000006959102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62f1aa6e5d91a8c2022-01-05 10:02:39.710root 11241100x80000000000000006959103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e084503874a6501c2022-01-05 10:02:39.710root 11241100x80000000000000006959104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0f1e577d2c1d2f2022-01-05 10:02:39.710root 11241100x80000000000000006959105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe39d96e28e69ca2022-01-05 10:02:39.710root 11241100x80000000000000006959106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17c4c14a90d813c2022-01-05 10:02:39.710root 11241100x80000000000000006959107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e203cef163325f2022-01-05 10:02:39.711root 11241100x80000000000000006959108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a4450924c6a5372022-01-05 10:02:39.711root 11241100x80000000000000006959109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2828d36e3891212022-01-05 10:02:39.711root 11241100x80000000000000006959110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabc56bb10a8e5c42022-01-05 10:02:39.711root 11241100x80000000000000006959111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b555cd09c98cd912022-01-05 10:02:39.711root 11241100x80000000000000006959112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953b8d116468bfc22022-01-05 10:02:39.711root 11241100x80000000000000006959113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d63ee1033656942022-01-05 10:02:40.210root 11241100x80000000000000006959114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f93f3eb8e904f2f2022-01-05 10:02:40.210root 11241100x80000000000000006959115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf061b581cffd3b2022-01-05 10:02:40.210root 11241100x80000000000000006959116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1cdbc57abc5c6f2022-01-05 10:02:40.210root 11241100x80000000000000006959117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865d5881ad52ca1d2022-01-05 10:02:40.210root 11241100x80000000000000006959118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6850c394267273e2022-01-05 10:02:40.210root 11241100x80000000000000006959119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d75687cf7bc7e52022-01-05 10:02:40.210root 11241100x80000000000000006959120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4737167d50a8d5a2022-01-05 10:02:40.210root 11241100x80000000000000006959121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cefab6daa61a5e52022-01-05 10:02:40.210root 11241100x80000000000000006959122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da2ac7345e8c7032022-01-05 10:02:40.210root 11241100x80000000000000006959123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0e7c2f66bc0c9b2022-01-05 10:02:40.211root 11241100x80000000000000006959124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e213ba7671a1a5e12022-01-05 10:02:40.211root 11241100x80000000000000006959125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e6cb401822dc6d2022-01-05 10:02:40.211root 11241100x80000000000000006959126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f7adecc7f251132022-01-05 10:02:40.211root 11241100x80000000000000006959127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c6604e43c2f40a2022-01-05 10:02:40.211root 11241100x80000000000000006959128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310dded1f8f75de12022-01-05 10:02:40.211root 11241100x80000000000000006959129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb79f327d3661eaf2022-01-05 10:02:40.211root 11241100x80000000000000006959130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8be21845033fa302022-01-05 10:02:40.211root 11241100x80000000000000006959131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a14ed9ce9cc9d0b2022-01-05 10:02:40.211root 11241100x80000000000000006959132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6984658ff41e75862022-01-05 10:02:40.211root 11241100x80000000000000006959133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f27a5303ecfddea2022-01-05 10:02:40.709root 11241100x80000000000000006959134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a192737c276455d32022-01-05 10:02:40.709root 11241100x80000000000000006959135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40aea37913d9dc452022-01-05 10:02:40.709root 11241100x80000000000000006959136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3d549a10cb09622022-01-05 10:02:40.709root 11241100x80000000000000006959137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5004e33b67550af32022-01-05 10:02:40.709root 11241100x80000000000000006959138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94b0fadea932ede2022-01-05 10:02:40.710root 11241100x80000000000000006959139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f03baeadb405492022-01-05 10:02:40.710root 11241100x80000000000000006959140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763d9485baeac2c12022-01-05 10:02:40.710root 11241100x80000000000000006959141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7fb4a41f3581232022-01-05 10:02:40.710root 11241100x80000000000000006959142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a815209e18e84a2022-01-05 10:02:40.710root 11241100x80000000000000006959143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82578c81215c60ac2022-01-05 10:02:40.710root 11241100x80000000000000006959144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a647fd8ee3bd83a2022-01-05 10:02:40.710root 11241100x80000000000000006959145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a143854ab07f1a42022-01-05 10:02:40.710root 11241100x80000000000000006959146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c08073dbc3b3e162022-01-05 10:02:40.710root 11241100x80000000000000006959147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8943f4f5481a962b2022-01-05 10:02:40.710root 11241100x80000000000000006959148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e74b4221c46d8032022-01-05 10:02:40.710root 11241100x80000000000000006959149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd824b37b45bf0062022-01-05 10:02:40.710root 11241100x80000000000000006959150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51c74de1bd76b702022-01-05 10:02:40.710root 11241100x80000000000000006959151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27caa80a14b96722022-01-05 10:02:40.710root 11241100x80000000000000006959152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecc3ca1db30d3cb2022-01-05 10:02:40.710root 11241100x80000000000000006959153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e5c7d6f6ba2d772022-01-05 10:02:41.209root 11241100x80000000000000006959154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5595191be21dfc2022-01-05 10:02:41.210root 11241100x80000000000000006959155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7679547b9ae45e842022-01-05 10:02:41.210root 11241100x80000000000000006959156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175a70c6199ddaeb2022-01-05 10:02:41.210root 11241100x80000000000000006959157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d67ef2da10a818f2022-01-05 10:02:41.210root 11241100x80000000000000006959158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0642b900b1d720612022-01-05 10:02:41.210root 11241100x80000000000000006959159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44024d4ed33656af2022-01-05 10:02:41.210root 11241100x80000000000000006959160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eadfe3fe98f088f2022-01-05 10:02:41.210root 11241100x80000000000000006959161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb3cba7d47fade52022-01-05 10:02:41.210root 11241100x80000000000000006959162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8a0c46a241f1492022-01-05 10:02:41.210root 11241100x80000000000000006959163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b31f4908a8b0902022-01-05 10:02:41.210root 11241100x80000000000000006959164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e595a1e46eddb22022-01-05 10:02:41.210root 11241100x80000000000000006959165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dd25e21684e0062022-01-05 10:02:41.210root 11241100x80000000000000006959166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8985a548e8e8c2ed2022-01-05 10:02:41.210root 11241100x80000000000000006959167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2a1c1532cbca1c2022-01-05 10:02:41.211root 11241100x80000000000000006959168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc7858eb09574f62022-01-05 10:02:41.211root 11241100x80000000000000006959169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a35c25c6366ab2f2022-01-05 10:02:41.211root 11241100x80000000000000006959170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbcaec5028db1ac2022-01-05 10:02:41.211root 11241100x80000000000000006959171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca36a34332828082022-01-05 10:02:41.211root 11241100x80000000000000006959172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3bb68ed060cd1032022-01-05 10:02:41.211root 11241100x80000000000000006959173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac572b1f7b694ec72022-01-05 10:02:41.710root 11241100x80000000000000006959174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f14f7950c2709122022-01-05 10:02:41.710root 11241100x80000000000000006959175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a1e8fbb59fcc302022-01-05 10:02:41.710root 11241100x80000000000000006959176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615439c582a7d58c2022-01-05 10:02:41.710root 11241100x80000000000000006959177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503b0a8600887a5b2022-01-05 10:02:41.710root 11241100x80000000000000006959178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07d28fd898b3e262022-01-05 10:02:41.710root 11241100x80000000000000006959179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afab7440e399ab042022-01-05 10:02:41.710root 11241100x80000000000000006959180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f3aa2e24f4da722022-01-05 10:02:41.710root 11241100x80000000000000006959181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ffc8904cf8dbd22022-01-05 10:02:41.710root 11241100x80000000000000006959182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c3ad5ee8ddabb82022-01-05 10:02:41.710root 11241100x80000000000000006959183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1576d693e03e8f2022-01-05 10:02:41.710root 11241100x80000000000000006959184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06642a75ab520a9b2022-01-05 10:02:41.710root 11241100x80000000000000006959185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08936b12193b68f2022-01-05 10:02:41.711root 11241100x80000000000000006959186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3384834001b6eb2022-01-05 10:02:41.711root 11241100x80000000000000006959187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16eb5c3ef36388052022-01-05 10:02:41.711root 11241100x80000000000000006959188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883ecc36adfd057e2022-01-05 10:02:41.711root 11241100x80000000000000006959189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf8c4e23d2b4f892022-01-05 10:02:41.711root 11241100x80000000000000006959190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f1936cf67a7f662022-01-05 10:02:41.711root 11241100x80000000000000006959191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd53168304c0e2072022-01-05 10:02:41.711root 11241100x80000000000000006959192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6a96f8b49bf5d22022-01-05 10:02:41.711root 11241100x80000000000000006959193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0b3c7384c8a88d2022-01-05 10:02:42.209root 11241100x80000000000000006959194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605a46a53cb844c52022-01-05 10:02:42.209root 11241100x80000000000000006959195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367ca8f5679ee1e92022-01-05 10:02:42.209root 11241100x80000000000000006959196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbe5471bfa3c5612022-01-05 10:02:42.209root 11241100x80000000000000006959197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e74b1bb0768daf2022-01-05 10:02:42.209root 11241100x80000000000000006959198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9b199d0bac12ef2022-01-05 10:02:42.210root 11241100x80000000000000006959199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41681731d68a3462022-01-05 10:02:42.210root 11241100x80000000000000006959200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417e24e1d7a5d4192022-01-05 10:02:42.210root 11241100x80000000000000006959201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c492210f763162df2022-01-05 10:02:42.210root 11241100x80000000000000006959202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33a49d65c1679d22022-01-05 10:02:42.210root 11241100x80000000000000006959203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee963f57c5fbf982022-01-05 10:02:42.210root 11241100x80000000000000006959204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d513120d6cf9dc2022-01-05 10:02:42.210root 11241100x80000000000000006959205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e79afe53e09d0a2022-01-05 10:02:42.210root 11241100x80000000000000006959206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77640d57b2856cd2022-01-05 10:02:42.210root 11241100x80000000000000006959207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cc9cd777c18beb2022-01-05 10:02:42.210root 11241100x80000000000000006959208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda47a74b2e246a12022-01-05 10:02:42.210root 11241100x80000000000000006959209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d490c9b31e5d1d2022-01-05 10:02:42.210root 11241100x80000000000000006959210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665dc26c02cafa4e2022-01-05 10:02:42.210root 11241100x80000000000000006959211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16865ed37abba8ea2022-01-05 10:02:42.210root 11241100x80000000000000006959212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5403d64aae031d5c2022-01-05 10:02:42.210root 11241100x80000000000000006959213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973b4d0bb69eee6b2022-01-05 10:02:42.210root 11241100x80000000000000006959214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ae6e046247a0222022-01-05 10:02:42.709root 11241100x80000000000000006959215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0eb749899681382022-01-05 10:02:42.709root 11241100x80000000000000006959216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64402ef6c1b3e7782022-01-05 10:02:42.709root 11241100x80000000000000006959217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fab6f15d3358392022-01-05 10:02:42.709root 11241100x80000000000000006959218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36eed4f3c0f186be2022-01-05 10:02:42.709root 11241100x80000000000000006959219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98b4bd77fd9b3642022-01-05 10:02:42.709root 11241100x80000000000000006959220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0325620c0bbcc42022-01-05 10:02:42.710root 11241100x80000000000000006959221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6583eccd39a36b2022-01-05 10:02:42.710root 11241100x80000000000000006959222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098cf6d134dc98712022-01-05 10:02:42.710root 11241100x80000000000000006959223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4082ddfd70d6f62022-01-05 10:02:42.710root 11241100x80000000000000006959224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577a038d85d2706c2022-01-05 10:02:42.710root 11241100x80000000000000006959225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33efdc950fd58a12022-01-05 10:02:42.710root 11241100x80000000000000006959226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5888b2cf7b4a403b2022-01-05 10:02:42.710root 11241100x80000000000000006959227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2664bf41168245de2022-01-05 10:02:42.710root 11241100x80000000000000006959228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f38a6e925b0b2132022-01-05 10:02:42.710root 11241100x80000000000000006959229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c17dd41b8583082022-01-05 10:02:42.710root 11241100x80000000000000006959230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b6e8e8fd4871922022-01-05 10:02:42.710root 11241100x80000000000000006959231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ea25261a2ad0d42022-01-05 10:02:42.710root 11241100x80000000000000006959232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a869393202f3002022-01-05 10:02:42.710root 11241100x80000000000000006959233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6b8704b6476abb2022-01-05 10:02:42.710root 11241100x80000000000000006959234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ec5e4a673c135c2022-01-05 10:02:42.710root 11241100x80000000000000006959235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436c2983a984c5602022-01-05 10:02:43.210root 11241100x80000000000000006959236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc7b0e7095472832022-01-05 10:02:43.210root 11241100x80000000000000006959237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8d59c7ce66897b2022-01-05 10:02:43.210root 11241100x80000000000000006959238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cde26201c4196e02022-01-05 10:02:43.210root 11241100x80000000000000006959239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9403e18193ef512022-01-05 10:02:43.210root 11241100x80000000000000006959240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd387af9466dbb22022-01-05 10:02:43.210root 11241100x80000000000000006959241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5959a8acd008408f2022-01-05 10:02:43.210root 11241100x80000000000000006959242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b140d836b6975cf92022-01-05 10:02:43.210root 11241100x80000000000000006959243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f95dc94c661a0852022-01-05 10:02:43.210root 11241100x80000000000000006959244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e8bcc04caaa7d32022-01-05 10:02:43.211root 11241100x80000000000000006959245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6f2f31681aa6db2022-01-05 10:02:43.211root 11241100x80000000000000006959246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20f92bf1e0537152022-01-05 10:02:43.211root 11241100x80000000000000006959247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709e1436f2b88cb72022-01-05 10:02:43.211root 11241100x80000000000000006959248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cfaedd8b4dcd462022-01-05 10:02:43.211root 11241100x80000000000000006959249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2509d0b1302f572022-01-05 10:02:43.211root 11241100x80000000000000006959250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b9921b660f90832022-01-05 10:02:43.211root 11241100x80000000000000006959251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76eee817e8c6ba762022-01-05 10:02:43.211root 11241100x80000000000000006959252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bb84762ae654b32022-01-05 10:02:43.211root 11241100x80000000000000006959253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfa8c15c8eda4de2022-01-05 10:02:43.211root 11241100x80000000000000006959254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef30701276f4a4892022-01-05 10:02:43.211root 11241100x80000000000000006959255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93011e34f60601ea2022-01-05 10:02:43.710root 11241100x80000000000000006959256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6076db640fde1e2022-01-05 10:02:43.710root 11241100x80000000000000006959257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76049ad1f94831c52022-01-05 10:02:43.710root 11241100x80000000000000006959258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6c8c41c3dd52392022-01-05 10:02:43.710root 11241100x80000000000000006959259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5ccdbe39c80fb02022-01-05 10:02:43.710root 11241100x80000000000000006959260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83535619557280672022-01-05 10:02:43.710root 11241100x80000000000000006959261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc38fa2137f5a4a72022-01-05 10:02:43.710root 11241100x80000000000000006959262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7b0289a44787752022-01-05 10:02:43.710root 11241100x80000000000000006959263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ed7fe19aa214362022-01-05 10:02:43.710root 11241100x80000000000000006959264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfccd7cd3e937052022-01-05 10:02:43.710root 11241100x80000000000000006959265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c80f8e4c4797e92022-01-05 10:02:43.710root 11241100x80000000000000006959266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91b3593a1f042fa2022-01-05 10:02:43.710root 11241100x80000000000000006959267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc9fd0e629beca72022-01-05 10:02:43.710root 11241100x80000000000000006959268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662f98e21cf8aa172022-01-05 10:02:43.711root 11241100x80000000000000006959269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bef0f3e8cc5a3d2022-01-05 10:02:43.711root 11241100x80000000000000006959270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a428cfd4be758b342022-01-05 10:02:43.711root 11241100x80000000000000006959271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce5a486e59c4ced2022-01-05 10:02:43.711root 11241100x80000000000000006959272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4961fe21386a1b692022-01-05 10:02:43.711root 11241100x80000000000000006959273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714f41a67a29233a2022-01-05 10:02:43.711root 11241100x80000000000000006959274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da509d026ee94942022-01-05 10:02:43.711root 11241100x80000000000000006959275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca99f1e83b3b3dc2022-01-05 10:02:44.210root 11241100x80000000000000006959276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6031ceb02e3530522022-01-05 10:02:44.210root 11241100x80000000000000006959277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f750298f6c7f9c2022-01-05 10:02:44.210root 11241100x80000000000000006959278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6acbd4dd4d96472022-01-05 10:02:44.210root 11241100x80000000000000006959279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f26fffc4a4378bf2022-01-05 10:02:44.210root 11241100x80000000000000006959280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2072d94cedc772542022-01-05 10:02:44.210root 11241100x80000000000000006959281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcc0f7cfadbad572022-01-05 10:02:44.210root 11241100x80000000000000006959282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362b3e1b168a17482022-01-05 10:02:44.210root 11241100x80000000000000006959283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2619b0903719a612022-01-05 10:02:44.210root 11241100x80000000000000006959284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373d562dc062a3e52022-01-05 10:02:44.210root 11241100x80000000000000006959285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93edd71c6d09fbe32022-01-05 10:02:44.210root 11241100x80000000000000006959286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474776769a46f1e62022-01-05 10:02:44.210root 11241100x80000000000000006959287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77eeee5a87abd922022-01-05 10:02:44.210root 11241100x80000000000000006959288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8fcf2bad94b4d62022-01-05 10:02:44.210root 11241100x80000000000000006959289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20f16bb1fff7ccf2022-01-05 10:02:44.211root 11241100x80000000000000006959290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65140cd83c44c4662022-01-05 10:02:44.211root 11241100x80000000000000006959291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779537d5cb5f7f142022-01-05 10:02:44.211root 11241100x80000000000000006959292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac4c2932cf53a172022-01-05 10:02:44.211root 11241100x80000000000000006959293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3aa2a045a7766722022-01-05 10:02:44.211root 11241100x80000000000000006959294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae974a75d5bc348e2022-01-05 10:02:44.211root 11241100x80000000000000006959295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b35eadfe57ae0c2022-01-05 10:02:44.709root 11241100x80000000000000006959296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2d3c6805bc32152022-01-05 10:02:44.709root 11241100x80000000000000006959297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc50f6bfe1847a002022-01-05 10:02:44.709root 11241100x80000000000000006959298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc92c80fac668c02022-01-05 10:02:44.709root 11241100x80000000000000006959299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fafceb51ce16df2022-01-05 10:02:44.709root 11241100x80000000000000006959300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8341e435dd1e4c82022-01-05 10:02:44.709root 11241100x80000000000000006959301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50d760e2dddb4332022-01-05 10:02:44.709root 11241100x80000000000000006959302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863c26f245511c882022-01-05 10:02:44.709root 11241100x80000000000000006959303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d428f2b161832a0a2022-01-05 10:02:44.710root 11241100x80000000000000006959304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3419361ee1815cab2022-01-05 10:02:44.710root 11241100x80000000000000006959305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e41f5d89e3e2f982022-01-05 10:02:44.710root 11241100x80000000000000006959306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2d9187308206a52022-01-05 10:02:44.710root 11241100x80000000000000006959307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac181c46ca510b92022-01-05 10:02:44.710root 11241100x80000000000000006959308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046b136f2140c1552022-01-05 10:02:44.710root 11241100x80000000000000006959309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dfda1839a6ca6d2022-01-05 10:02:44.710root 11241100x80000000000000006959310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2928423306e6c7702022-01-05 10:02:44.710root 11241100x80000000000000006959311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ae1d4ef5efd2112022-01-05 10:02:44.710root 11241100x80000000000000006959312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4be69e5da0b0782022-01-05 10:02:44.711root 11241100x80000000000000006959313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0b32f66501a6eb2022-01-05 10:02:44.711root 11241100x80000000000000006959314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5198ee77039bcde22022-01-05 10:02:44.711root 354300x80000000000000006959315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.153{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41716-false10.0.1.12-8000- 11241100x80000000000000006959316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.154{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e19da95977f7482022-01-05 10:02:45.154root 11241100x80000000000000006959317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.154{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66ddf2a1017d0072022-01-05 10:02:45.154root 11241100x80000000000000006959318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.154{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98903a4b112560902022-01-05 10:02:45.154root 11241100x80000000000000006959319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.154{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c441ca654bfad62022-01-05 10:02:45.154root 11241100x80000000000000006959320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.154{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92499818a4f33acd2022-01-05 10:02:45.154root 11241100x80000000000000006959321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.155{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6d7270ec8f01942022-01-05 10:02:45.155root 11241100x80000000000000006959322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.155{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9159dd9e7e4dc01e2022-01-05 10:02:45.155root 11241100x80000000000000006959323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.155{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0415e4eecdcbeea2022-01-05 10:02:45.155root 11241100x80000000000000006959324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.155{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276e5ce5191b57222022-01-05 10:02:45.155root 11241100x80000000000000006959325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.155{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c138a4837a1141b42022-01-05 10:02:45.155root 11241100x80000000000000006959326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.155{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a4b2da7d02bf072022-01-05 10:02:45.155root 11241100x80000000000000006959327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.155{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cae8bd2160bcebb2022-01-05 10:02:45.155root 11241100x80000000000000006959328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.155{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f64a350f52e7cb82022-01-05 10:02:45.155root 11241100x80000000000000006959329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68192027cbc3022c2022-01-05 10:02:45.156root 11241100x80000000000000006959330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cee1fc840a3f032022-01-05 10:02:45.156root 11241100x80000000000000006959331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc437419047733c2022-01-05 10:02:45.156root 11241100x80000000000000006959332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68afc8233e2c32e2022-01-05 10:02:45.156root 11241100x80000000000000006959333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ea9594f51e0cf22022-01-05 10:02:45.156root 11241100x80000000000000006959334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfcef2697077b3c2022-01-05 10:02:45.157root 11241100x80000000000000006959335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64498f9d5a9ec2172022-01-05 10:02:45.157root 11241100x80000000000000006959336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa693577a172192d2022-01-05 10:02:45.157root 11241100x80000000000000006959337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f46f4a437e3b062022-01-05 10:02:45.157root 11241100x80000000000000006959338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29120bd41d84f14d2022-01-05 10:02:45.157root 11241100x80000000000000006959339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddbb8fa2ff8cfff2022-01-05 10:02:45.157root 11241100x80000000000000006959340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0bc7b23c92bd592022-01-05 10:02:45.459root 11241100x80000000000000006959341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9899c125f28abcf62022-01-05 10:02:45.460root 11241100x80000000000000006959342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f8859c827af7592022-01-05 10:02:45.460root 11241100x80000000000000006959343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ce27d5f2f6f9f92022-01-05 10:02:45.460root 11241100x80000000000000006959344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000869d7939d19042022-01-05 10:02:45.460root 11241100x80000000000000006959345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec5187ef17bb69e2022-01-05 10:02:45.460root 11241100x80000000000000006959346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e916a653a496f8ca2022-01-05 10:02:45.460root 11241100x80000000000000006959347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a473ab6622ace9cf2022-01-05 10:02:45.460root 11241100x80000000000000006959348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8635d3d02d99e8eb2022-01-05 10:02:45.460root 11241100x80000000000000006959349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3fdd06e4c2d3392022-01-05 10:02:45.461root 11241100x80000000000000006959350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c8c9be78b046172022-01-05 10:02:45.461root 11241100x80000000000000006959351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a10936afcb6b1062022-01-05 10:02:45.461root 11241100x80000000000000006959352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8d7298c3295e612022-01-05 10:02:45.461root 11241100x80000000000000006959353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe02210b8705d1c2022-01-05 10:02:45.461root 11241100x80000000000000006959354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b364c35542613b42022-01-05 10:02:45.461root 11241100x80000000000000006959355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f14bbf6ec1cf5c2022-01-05 10:02:45.461root 11241100x80000000000000006959356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b913e928a0f1332022-01-05 10:02:45.461root 11241100x80000000000000006959357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6841c27b8feb68502022-01-05 10:02:45.461root 11241100x80000000000000006959358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ae7222f1f404982022-01-05 10:02:45.461root 11241100x80000000000000006959359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2888f2a6bc0df0c92022-01-05 10:02:45.461root 11241100x80000000000000006959360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0458ac535fab1ff82022-01-05 10:02:45.461root 11241100x80000000000000006959361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5408aad835609832022-01-05 10:02:45.959root 11241100x80000000000000006959362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ceeef013e11bc272022-01-05 10:02:45.960root 11241100x80000000000000006959363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3dc05af4e8d5fc22022-01-05 10:02:45.960root 11241100x80000000000000006959364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c927b5d5910fa72022-01-05 10:02:45.960root 11241100x80000000000000006959365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c762d679441150d92022-01-05 10:02:45.960root 11241100x80000000000000006959366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f79170b34a56b4c2022-01-05 10:02:45.960root 11241100x80000000000000006959367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd331026c1766e62022-01-05 10:02:45.960root 11241100x80000000000000006959368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fb36d1f0925a362022-01-05 10:02:45.960root 11241100x80000000000000006959369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda7fc4e9449d0ee2022-01-05 10:02:45.960root 11241100x80000000000000006959370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3d4a92d5cc814e2022-01-05 10:02:45.960root 11241100x80000000000000006959371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b932283836a878da2022-01-05 10:02:45.960root 11241100x80000000000000006959372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4afeda8047caad2022-01-05 10:02:45.960root 11241100x80000000000000006959373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878f4d101f96037b2022-01-05 10:02:45.960root 11241100x80000000000000006959374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110ce4c9995ac8232022-01-05 10:02:45.961root 11241100x80000000000000006959375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b0ed621bde19e02022-01-05 10:02:45.961root 11241100x80000000000000006959376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc23ff85e800b7112022-01-05 10:02:45.961root 11241100x80000000000000006959377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4ec2fd1c352ecf2022-01-05 10:02:45.961root 11241100x80000000000000006959378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4413038d8c09cc2022-01-05 10:02:45.961root 11241100x80000000000000006959379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e5da1bb706fe3f2022-01-05 10:02:45.961root 11241100x80000000000000006959380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a8b76402495d662022-01-05 10:02:45.961root 11241100x80000000000000006959381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68716a701a34b7b2022-01-05 10:02:45.961root 11241100x80000000000000006959382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d6334b6c77aed82022-01-05 10:02:46.459root 11241100x80000000000000006959383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5b94f3817cac6f2022-01-05 10:02:46.459root 11241100x80000000000000006959384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557ec6b226fb2d8f2022-01-05 10:02:46.459root 11241100x80000000000000006959385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4686b0c1a5736c4c2022-01-05 10:02:46.460root 11241100x80000000000000006959386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b03f35f354cfe62022-01-05 10:02:46.460root 11241100x80000000000000006959387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4ee039f010afc32022-01-05 10:02:46.460root 11241100x80000000000000006959388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b76dda529906842022-01-05 10:02:46.460root 11241100x80000000000000006959389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9db8db73a407e62022-01-05 10:02:46.460root 11241100x80000000000000006959390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28d05c2eaabe7192022-01-05 10:02:46.460root 11241100x80000000000000006959391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6848d03e7d7ef1782022-01-05 10:02:46.460root 11241100x80000000000000006959392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab50fce11b98c3a92022-01-05 10:02:46.460root 11241100x80000000000000006959393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cd402e6d0f85c22022-01-05 10:02:46.460root 11241100x80000000000000006959394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efbc7d0f3b0edb82022-01-05 10:02:46.460root 11241100x80000000000000006959395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09546d258e94b1d2022-01-05 10:02:46.460root 11241100x80000000000000006959396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6842bd99d4200e62022-01-05 10:02:46.460root 11241100x80000000000000006959397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab938eaad8eac1c2022-01-05 10:02:46.460root 11241100x80000000000000006959398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4cdd4c3a5313a82022-01-05 10:02:46.461root 11241100x80000000000000006959399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a99a996b868c002022-01-05 10:02:46.461root 11241100x80000000000000006959400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53b6646d6e6492c2022-01-05 10:02:46.461root 11241100x80000000000000006959401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6175f1a51cc68eff2022-01-05 10:02:46.461root 11241100x80000000000000006959402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45aeb8ed345f768e2022-01-05 10:02:46.461root 11241100x80000000000000006959403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d0aa919af8b4d12022-01-05 10:02:46.461root 11241100x80000000000000006959404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8106bbca951972a32022-01-05 10:02:46.959root 11241100x80000000000000006959405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a4eb3a5dcdfbee2022-01-05 10:02:46.959root 11241100x80000000000000006959406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f258ae2d279622982022-01-05 10:02:46.959root 11241100x80000000000000006959407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66880ec733d9eb702022-01-05 10:02:46.959root 11241100x80000000000000006959408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff51e61471d09462022-01-05 10:02:46.959root 11241100x80000000000000006959409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f794142e19500aa32022-01-05 10:02:46.960root 11241100x80000000000000006959410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfadc9f0111f59612022-01-05 10:02:46.960root 11241100x80000000000000006959411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd96656252bd1302022-01-05 10:02:46.960root 11241100x80000000000000006959412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262a78837c9e49422022-01-05 10:02:46.960root 11241100x80000000000000006959413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6e1cad365295472022-01-05 10:02:46.960root 11241100x80000000000000006959414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9bfe34b61aa6f22022-01-05 10:02:46.960root 11241100x80000000000000006959415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c50c4f0d4b6d7a72022-01-05 10:02:46.960root 11241100x80000000000000006959416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6aa11696fed8c02022-01-05 10:02:46.960root 11241100x80000000000000006959417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c794ecc82253d12022-01-05 10:02:46.960root 11241100x80000000000000006959418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe5580e498961872022-01-05 10:02:46.960root 11241100x80000000000000006959419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661071d8fa0d61e92022-01-05 10:02:46.960root 11241100x80000000000000006959420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c787b691280b05762022-01-05 10:02:46.960root 11241100x80000000000000006959421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b657c867e86ee082022-01-05 10:02:46.960root 11241100x80000000000000006959422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55527f35ff9159332022-01-05 10:02:46.961root 11241100x80000000000000006959423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af77376274c81a572022-01-05 10:02:46.961root 11241100x80000000000000006959424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f4c3163b0be25c2022-01-05 10:02:46.961root 11241100x80000000000000006959425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2880f9df487fdb872022-01-05 10:02:47.459root 11241100x80000000000000006959426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d3d9097045b4cd2022-01-05 10:02:47.459root 11241100x80000000000000006959427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd76c1798ecbe9a2022-01-05 10:02:47.459root 11241100x80000000000000006959428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46e9fa6136a75052022-01-05 10:02:47.459root 11241100x80000000000000006959429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d16dab5aee56182022-01-05 10:02:47.460root 11241100x80000000000000006959430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc1afa65018f35a2022-01-05 10:02:47.460root 11241100x80000000000000006959431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575ea3d6a52e932b2022-01-05 10:02:47.460root 11241100x80000000000000006959432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6c2c937a9d99832022-01-05 10:02:47.460root 11241100x80000000000000006959433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35406059e69859ef2022-01-05 10:02:47.460root 11241100x80000000000000006959434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd495957e764a4d2022-01-05 10:02:47.460root 11241100x80000000000000006959435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc2fe8b0c6b39342022-01-05 10:02:47.460root 11241100x80000000000000006959436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17328055d04ec9e92022-01-05 10:02:47.460root 11241100x80000000000000006959437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf2589295ad8c192022-01-05 10:02:47.460root 11241100x80000000000000006959438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb70a692c12ac5442022-01-05 10:02:47.460root 11241100x80000000000000006959439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca54747991698b72022-01-05 10:02:47.460root 11241100x80000000000000006959440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd7d5d614e237662022-01-05 10:02:47.460root 11241100x80000000000000006959441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df84eabc7e39074a2022-01-05 10:02:47.461root 11241100x80000000000000006959442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacad66f27f7c79f2022-01-05 10:02:47.461root 11241100x80000000000000006959443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78e8d9fea9df2912022-01-05 10:02:47.461root 11241100x80000000000000006959444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3520c28029a5685e2022-01-05 10:02:47.461root 11241100x80000000000000006959445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec6e7d426901c7e2022-01-05 10:02:47.461root 11241100x80000000000000006959446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02611fd0fbe1c1092022-01-05 10:02:47.960root 11241100x80000000000000006959447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc814fa52a70adf02022-01-05 10:02:47.960root 11241100x80000000000000006959448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97fad388e2cb17c2022-01-05 10:02:47.960root 11241100x80000000000000006959449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9d19ab08a74f7a2022-01-05 10:02:47.960root 11241100x80000000000000006959450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cd1a19a18a2c8d2022-01-05 10:02:47.960root 11241100x80000000000000006959451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395533e5dbd60ed82022-01-05 10:02:47.960root 11241100x80000000000000006959452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9ce7ceaaa05ea82022-01-05 10:02:47.960root 11241100x80000000000000006959453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a732637e34e30c6a2022-01-05 10:02:47.960root 11241100x80000000000000006959454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772b65de20be3f732022-01-05 10:02:47.960root 11241100x80000000000000006959455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9564111001e9702f2022-01-05 10:02:47.960root 11241100x80000000000000006959456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c641622335f2bb2022-01-05 10:02:47.960root 11241100x80000000000000006959457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a89a7d50612b932022-01-05 10:02:47.960root 11241100x80000000000000006959458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e01e1a04d91a102022-01-05 10:02:47.960root 11241100x80000000000000006959459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c483edd9e68fc22022-01-05 10:02:47.961root 11241100x80000000000000006959460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc52f711888bbff22022-01-05 10:02:47.961root 11241100x80000000000000006959461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff07e993cb2be922022-01-05 10:02:47.961root 11241100x80000000000000006959462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd8371de7d5642a2022-01-05 10:02:47.961root 11241100x80000000000000006959463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b518edd5351ff5832022-01-05 10:02:47.961root 11241100x80000000000000006959464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea11aad7f79f9dc2022-01-05 10:02:47.961root 11241100x80000000000000006959465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62379da5f60f77c22022-01-05 10:02:47.961root 11241100x80000000000000006959466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28520a038a7e3c482022-01-05 10:02:47.961root 11241100x80000000000000006959467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84b1c7295200a0e2022-01-05 10:02:48.459root 11241100x80000000000000006959468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fad3a3448215592022-01-05 10:02:48.460root 11241100x80000000000000006959469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7fa7127139e12e2022-01-05 10:02:48.460root 11241100x80000000000000006959470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9369db26bca2ad502022-01-05 10:02:48.460root 11241100x80000000000000006959471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d5788f904b83fe2022-01-05 10:02:48.460root 11241100x80000000000000006959472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a6918d9dcf65fa2022-01-05 10:02:48.460root 11241100x80000000000000006959473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab82dd656288b042022-01-05 10:02:48.460root 11241100x80000000000000006959474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0492c5c502fdedbf2022-01-05 10:02:48.460root 11241100x80000000000000006959475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946cfe826afc9e452022-01-05 10:02:48.460root 11241100x80000000000000006959476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e4277de1c083852022-01-05 10:02:48.460root 11241100x80000000000000006959477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39232bf60c1f4dc2022-01-05 10:02:48.460root 11241100x80000000000000006959478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9f42f1556895e32022-01-05 10:02:48.461root 11241100x80000000000000006959479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5ce20b4dbb18902022-01-05 10:02:48.461root 11241100x80000000000000006959480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3501154ffc72122022-01-05 10:02:48.461root 11241100x80000000000000006959481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a5b8bf9d8caaa52022-01-05 10:02:48.461root 11241100x80000000000000006959482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e0c5e8e0a1e6a72022-01-05 10:02:48.461root 11241100x80000000000000006959483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a36d06128b245a92022-01-05 10:02:48.461root 11241100x80000000000000006959484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a4736ad3d55fde2022-01-05 10:02:48.461root 11241100x80000000000000006959485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c42353fd44c0c32022-01-05 10:02:48.461root 11241100x80000000000000006959486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20afef6c2a5ac6b92022-01-05 10:02:48.461root 11241100x80000000000000006959487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8512e47a8cc5ab852022-01-05 10:02:48.461root 154100x80000000000000006959488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.495{ec2e79f3-6cc8-61d5-6864-4098d3550000}23009/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 534500x80000000000000006959489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.510{ec2e79f3-6cc8-61d5-6864-4098d3550000}23009/bin/psroot 11241100x80000000000000006959490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9dc5da769b48082022-01-05 10:02:48.959root 11241100x80000000000000006959491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633c9a080dd914872022-01-05 10:02:48.959root 11241100x80000000000000006959492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2e81dd610e4a312022-01-05 10:02:48.959root 11241100x80000000000000006959493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037e8abbb546dc582022-01-05 10:02:48.959root 11241100x80000000000000006959494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f7c76cc75d81742022-01-05 10:02:48.959root 11241100x80000000000000006959495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1e24197eda01022022-01-05 10:02:48.960root 11241100x80000000000000006959496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c71c1e25d88c79e2022-01-05 10:02:48.960root 11241100x80000000000000006959497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c47cb1e5329ac72022-01-05 10:02:48.960root 11241100x80000000000000006959498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c503a98d9d3ef3f82022-01-05 10:02:48.960root 11241100x80000000000000006959499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b63aef5c8b55302022-01-05 10:02:48.960root 11241100x80000000000000006959500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42863c5af24877a92022-01-05 10:02:48.960root 11241100x80000000000000006959501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f65f07784b334912022-01-05 10:02:48.960root 11241100x80000000000000006959502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdc6353293b21312022-01-05 10:02:48.960root 11241100x80000000000000006959503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca75391322acc092022-01-05 10:02:48.960root 11241100x80000000000000006959504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c332f74821411d92022-01-05 10:02:48.960root 11241100x80000000000000006959505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb22e514217739b2022-01-05 10:02:48.960root 11241100x80000000000000006959506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff300e5d95cbc3c2022-01-05 10:02:48.960root 11241100x80000000000000006959507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2beaa2c56de47e2022-01-05 10:02:48.960root 11241100x80000000000000006959508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c38e124b2924dab2022-01-05 10:02:48.960root 11241100x80000000000000006959509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b78dcbd75ed106d2022-01-05 10:02:48.960root 11241100x80000000000000006959510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7569e6f86392c5282022-01-05 10:02:48.960root 11241100x80000000000000006959511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0b16bbf73a689c2022-01-05 10:02:48.961root 11241100x80000000000000006959512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1a9f96bd83c8f42022-01-05 10:02:48.961root 11241100x80000000000000006959513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7437648f8f8df02022-01-05 10:02:49.460root 11241100x80000000000000006959514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91644354e7b0bea72022-01-05 10:02:49.460root 11241100x80000000000000006959515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed8a0832b7e6ef62022-01-05 10:02:49.460root 11241100x80000000000000006959516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31db6ae3f7d713a92022-01-05 10:02:49.460root 11241100x80000000000000006959517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36340f4764261b12022-01-05 10:02:49.460root 11241100x80000000000000006959518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5ea462e45d6c822022-01-05 10:02:49.460root 11241100x80000000000000006959519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11671bf205fc0892022-01-05 10:02:49.460root 11241100x80000000000000006959520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0239ca6cca10bf62022-01-05 10:02:49.460root 11241100x80000000000000006959521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5226a596c3b95532022-01-05 10:02:49.460root 11241100x80000000000000006959522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399481fd208e91e32022-01-05 10:02:49.460root 11241100x80000000000000006959523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2892006f846e33b52022-01-05 10:02:49.460root 11241100x80000000000000006959524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7294f020a9d66ed82022-01-05 10:02:49.461root 11241100x80000000000000006959525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0abeb8c695a65a2022-01-05 10:02:49.461root 11241100x80000000000000006959526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0034b90c942b0872022-01-05 10:02:49.461root 11241100x80000000000000006959527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eea483c04d20862022-01-05 10:02:49.461root 11241100x80000000000000006959528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b718ebbf2e1c1b2022-01-05 10:02:49.461root 11241100x80000000000000006959529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5e8596bcba08e82022-01-05 10:02:49.461root 11241100x80000000000000006959530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fecc8ce627691db2022-01-05 10:02:49.461root 11241100x80000000000000006959531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d8fb75e31c38a92022-01-05 10:02:49.461root 11241100x80000000000000006959532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13eb90c6d4ffdfdf2022-01-05 10:02:49.461root 11241100x80000000000000006959533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df3d7176ed59fb92022-01-05 10:02:49.461root 11241100x80000000000000006959534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6ccc912ee8c4682022-01-05 10:02:49.461root 11241100x80000000000000006959535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ee9b401d3386082022-01-05 10:02:49.461root 11241100x80000000000000006959536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5173c4cde445ed2022-01-05 10:02:49.960root 11241100x80000000000000006959537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552f4b6c9b17b51d2022-01-05 10:02:49.960root 11241100x80000000000000006959538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcd3e1b823df0b12022-01-05 10:02:49.960root 11241100x80000000000000006959539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785643899ff70d2a2022-01-05 10:02:49.960root 11241100x80000000000000006959540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dd5ffa9ed6aa4f2022-01-05 10:02:49.960root 11241100x80000000000000006959541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f2317b4c6882a22022-01-05 10:02:49.960root 11241100x80000000000000006959542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b91ff503f50cd072022-01-05 10:02:49.960root 11241100x80000000000000006959543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c978decdbcb3fe2022-01-05 10:02:49.960root 11241100x80000000000000006959544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8884e7282f834f42022-01-05 10:02:49.960root 11241100x80000000000000006959545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99018511ca8a1a62022-01-05 10:02:49.960root 11241100x80000000000000006959546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12e6c9a6eb28c852022-01-05 10:02:49.961root 11241100x80000000000000006959547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe641b2598e3d4a2022-01-05 10:02:49.961root 11241100x80000000000000006959548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ee6f047c783e7a2022-01-05 10:02:49.961root 11241100x80000000000000006959549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5f913c5d5ac0a12022-01-05 10:02:49.961root 11241100x80000000000000006959550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40b9691b79051dd2022-01-05 10:02:49.961root 11241100x80000000000000006959551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51babb797bfe26b72022-01-05 10:02:49.961root 11241100x80000000000000006959552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805d6f6d89a53f1d2022-01-05 10:02:49.961root 11241100x80000000000000006959553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01dc992f102c7242022-01-05 10:02:49.961root 11241100x80000000000000006959554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f555b0c08bd5b42022-01-05 10:02:49.961root 11241100x80000000000000006959555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830f6dcd287bd3892022-01-05 10:02:49.961root 11241100x80000000000000006959556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfa62eaf216ec782022-01-05 10:02:49.961root 11241100x80000000000000006959557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3a3588b3c085aa2022-01-05 10:02:49.961root 11241100x80000000000000006959558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73b9a60393772922022-01-05 10:02:49.961root 354300x80000000000000006959559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.228{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41718-false10.0.1.12-8000- 11241100x80000000000000006959560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba26273cbc6b1762022-01-05 10:02:50.229root 11241100x80000000000000006959561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa931f226c4135b82022-01-05 10:02:50.229root 11241100x80000000000000006959562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930a08ae5fd148a72022-01-05 10:02:50.229root 11241100x80000000000000006959563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89ae5f1280a83352022-01-05 10:02:50.229root 11241100x80000000000000006959564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6b91c88773de642022-01-05 10:02:50.229root 11241100x80000000000000006959565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e48179c621c93a32022-01-05 10:02:50.229root 11241100x80000000000000006959566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eddf7fb239d38a2022-01-05 10:02:50.229root 11241100x80000000000000006959567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c4368c476c18f52022-01-05 10:02:50.230root 11241100x80000000000000006959568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d025c4d067cfb32022-01-05 10:02:50.230root 11241100x80000000000000006959569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce0b3e47a061abe2022-01-05 10:02:50.230root 11241100x80000000000000006959570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440a51c304506f652022-01-05 10:02:50.230root 11241100x80000000000000006959571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0907f8ee0caec40b2022-01-05 10:02:50.230root 11241100x80000000000000006959572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e8102b54b763dd2022-01-05 10:02:50.230root 11241100x80000000000000006959573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689125dcaf1c26302022-01-05 10:02:50.230root 11241100x80000000000000006959574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a085e1e5de6bc8942022-01-05 10:02:50.230root 11241100x80000000000000006959575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbd04b88533f57c2022-01-05 10:02:50.230root 11241100x80000000000000006959576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3586956da3c6fb2f2022-01-05 10:02:50.230root 11241100x80000000000000006959577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3d72fc82dc5a592022-01-05 10:02:50.231root 11241100x80000000000000006959578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a9844ad7371dac2022-01-05 10:02:50.231root 11241100x80000000000000006959579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ef8040ccf709e82022-01-05 10:02:50.231root 11241100x80000000000000006959580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c141584b797b302022-01-05 10:02:50.231root 11241100x80000000000000006959581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df091296077a5fed2022-01-05 10:02:50.231root 11241100x80000000000000006959582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c104df7af112304b2022-01-05 10:02:50.231root 11241100x80000000000000006959583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340a40f6ea1041212022-01-05 10:02:50.231root 11241100x80000000000000006959584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a476ec581434662022-01-05 10:02:50.231root 11241100x80000000000000006959585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a61969ceb67a9e2022-01-05 10:02:50.231root 11241100x80000000000000006959586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93352f869ab636a82022-01-05 10:02:50.231root 11241100x80000000000000006959587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726899363ab78bf22022-01-05 10:02:50.231root 11241100x80000000000000006959588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630a9c2a8a23a6db2022-01-05 10:02:50.232root 11241100x80000000000000006959589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fe2537d082e6a02022-01-05 10:02:50.710root 11241100x80000000000000006959590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b733fe6d1175e88c2022-01-05 10:02:50.710root 11241100x80000000000000006959591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ee3dd436c609d42022-01-05 10:02:50.710root 11241100x80000000000000006959592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb7f04fbd2e3bc42022-01-05 10:02:50.710root 11241100x80000000000000006959593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01e48f7e8a826cc2022-01-05 10:02:50.710root 11241100x80000000000000006959594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed087222439cd2f2022-01-05 10:02:50.710root 11241100x80000000000000006959595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15534430555854c2022-01-05 10:02:50.710root 11241100x80000000000000006959596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dff4f05b48cdb52022-01-05 10:02:50.710root 11241100x80000000000000006959597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff1d39dda87d5242022-01-05 10:02:50.710root 11241100x80000000000000006959598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf98b8e29a6ef43e2022-01-05 10:02:50.710root 11241100x80000000000000006959599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f32ee2cd05fc842022-01-05 10:02:50.711root 11241100x80000000000000006959600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1dd862687e72a72022-01-05 10:02:50.711root 11241100x80000000000000006959601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a1dacc030846d12022-01-05 10:02:50.711root 11241100x80000000000000006959602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7869c2ad5e922f82022-01-05 10:02:50.711root 11241100x80000000000000006959603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630f02567dfa8b682022-01-05 10:02:50.711root 11241100x80000000000000006959604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6165f42a189d492022-01-05 10:02:50.711root 11241100x80000000000000006959605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a339edd68c3ee56d2022-01-05 10:02:50.711root 11241100x80000000000000006959606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9444cf088acdeaff2022-01-05 10:02:50.711root 11241100x80000000000000006959607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428f8f244044468a2022-01-05 10:02:50.711root 11241100x80000000000000006959608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1bea003caf939e2022-01-05 10:02:50.711root 11241100x80000000000000006959609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee25e4402f17caa2022-01-05 10:02:50.712root 11241100x80000000000000006959610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a0de311fc39b0a2022-01-05 10:02:50.712root 11241100x80000000000000006959611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689ebbfeab65acdc2022-01-05 10:02:50.712root 11241100x80000000000000006959612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696424c203d1f96b2022-01-05 10:02:50.712root 11241100x80000000000000006959613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b14573c0df538802022-01-05 10:02:51.210root 11241100x80000000000000006959614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ae73e3240c4bc72022-01-05 10:02:51.210root 11241100x80000000000000006959615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d7726db95406ff2022-01-05 10:02:51.210root 11241100x80000000000000006959616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63fa471300200f32022-01-05 10:02:51.211root 11241100x80000000000000006959617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b077ac98cba4802022-01-05 10:02:51.211root 11241100x80000000000000006959618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc243028bd6b0ade2022-01-05 10:02:51.211root 11241100x80000000000000006959619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6611f433ed923f2022-01-05 10:02:51.211root 11241100x80000000000000006959620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d8ba14eb246be32022-01-05 10:02:51.211root 11241100x80000000000000006959621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5588ac1223a3dfd32022-01-05 10:02:51.211root 11241100x80000000000000006959622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6284699926a5156b2022-01-05 10:02:51.211root 11241100x80000000000000006959623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4337beb08b17490b2022-01-05 10:02:51.211root 11241100x80000000000000006959624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905ab54fcb8c21162022-01-05 10:02:51.211root 11241100x80000000000000006959625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f80eb876fce3ed22022-01-05 10:02:51.211root 11241100x80000000000000006959626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7321e394fb5997292022-01-05 10:02:51.211root 11241100x80000000000000006959627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f123673d9577dd2022-01-05 10:02:51.211root 11241100x80000000000000006959628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab815ff6b4107622022-01-05 10:02:51.211root 11241100x80000000000000006959629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c155565d9c62474d2022-01-05 10:02:51.211root 11241100x80000000000000006959630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9add5e091964c1122022-01-05 10:02:51.211root 11241100x80000000000000006959631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0e2403ed7b21bd2022-01-05 10:02:51.212root 11241100x80000000000000006959632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7e9f700d57828a2022-01-05 10:02:51.212root 11241100x80000000000000006959633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1d3241ffefd7662022-01-05 10:02:51.212root 11241100x80000000000000006959634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305a00b072eaee3a2022-01-05 10:02:51.212root 11241100x80000000000000006959635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2c372296feb5992022-01-05 10:02:51.212root 11241100x80000000000000006959636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d9ae545e27ead22022-01-05 10:02:51.212root 11241100x80000000000000006959637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8814e671b37422ab2022-01-05 10:02:51.710root 11241100x80000000000000006959638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38032e02353e994b2022-01-05 10:02:51.710root 11241100x80000000000000006959639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7564b853da442c2022-01-05 10:02:51.710root 11241100x80000000000000006959640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5704e56054925ff12022-01-05 10:02:51.710root 11241100x80000000000000006959641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0109d28dd6568672022-01-05 10:02:51.710root 11241100x80000000000000006959642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4737183bc4b3068c2022-01-05 10:02:51.710root 11241100x80000000000000006959643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f491c4ef1e7d6c2022-01-05 10:02:51.710root 11241100x80000000000000006959644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2429a4c94c588d5e2022-01-05 10:02:51.710root 11241100x80000000000000006959645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438adf0bf73104ad2022-01-05 10:02:51.710root 11241100x80000000000000006959646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22083f4e5e4749d72022-01-05 10:02:51.710root 11241100x80000000000000006959647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61444d5559da32862022-01-05 10:02:51.711root 11241100x80000000000000006959648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f7c5568b11dd7d2022-01-05 10:02:51.711root 11241100x80000000000000006959649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc61f37f02b58d62022-01-05 10:02:51.711root 11241100x80000000000000006959650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced2a5c339c7fdc22022-01-05 10:02:51.711root 11241100x80000000000000006959651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1236e1bcb90ee62022-01-05 10:02:51.711root 11241100x80000000000000006959652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e68445fb35345222022-01-05 10:02:51.711root 11241100x80000000000000006959653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c9849b4fb89a532022-01-05 10:02:51.711root 11241100x80000000000000006959654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a04d73d39661f152022-01-05 10:02:51.711root 11241100x80000000000000006959655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e64ea342bf2295f2022-01-05 10:02:51.711root 11241100x80000000000000006959656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4361b78a54685a2022-01-05 10:02:51.711root 11241100x80000000000000006959657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e11c712f4d4e5a62022-01-05 10:02:51.711root 11241100x80000000000000006959658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd634e418c396472022-01-05 10:02:51.711root 11241100x80000000000000006959659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a252d16167b1a12022-01-05 10:02:51.711root 11241100x80000000000000006959660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854103f4864cca0c2022-01-05 10:02:51.711root 11241100x80000000000000006959661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f86dc19a49a0672022-01-05 10:02:52.210root 11241100x80000000000000006959662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5080c0c5b30822302022-01-05 10:02:52.210root 11241100x80000000000000006959663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e4cd59e47a66ef2022-01-05 10:02:52.210root 11241100x80000000000000006959664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0d1122df8a43672022-01-05 10:02:52.210root 11241100x80000000000000006959665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933b3d6af0381aec2022-01-05 10:02:52.210root 11241100x80000000000000006959666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05a613ab428496c2022-01-05 10:02:52.210root 11241100x80000000000000006959667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e33456cdfc4f1312022-01-05 10:02:52.210root 11241100x80000000000000006959668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3525be34e808915a2022-01-05 10:02:52.210root 11241100x80000000000000006959669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25167d03b4af69902022-01-05 10:02:52.210root 11241100x80000000000000006959670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b0d0f3a3f51e152022-01-05 10:02:52.210root 11241100x80000000000000006959671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8f999f8573737c2022-01-05 10:02:52.211root 11241100x80000000000000006959672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1c50e0bb90aa9f2022-01-05 10:02:52.211root 11241100x80000000000000006959673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060d7ee402bd90082022-01-05 10:02:52.211root 11241100x80000000000000006959674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aea7c66ad6a56c2022-01-05 10:02:52.211root 11241100x80000000000000006959675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13671c35f8d97c952022-01-05 10:02:52.211root 11241100x80000000000000006959676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7bfc2b1ab3675f2022-01-05 10:02:52.211root 11241100x80000000000000006959677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5187f12a16a3b62022-01-05 10:02:52.211root 11241100x80000000000000006959678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eac3bf54c617fc22022-01-05 10:02:52.211root 11241100x80000000000000006959679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fd77bd774f76782022-01-05 10:02:52.211root 11241100x80000000000000006959680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5d282b06cf8cf52022-01-05 10:02:52.211root 11241100x80000000000000006959681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d380315e5e59542022-01-05 10:02:52.211root 11241100x80000000000000006959682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88eb8c51077fd14f2022-01-05 10:02:52.211root 11241100x80000000000000006959683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cf8a036bb2ab8d2022-01-05 10:02:52.211root 11241100x80000000000000006959684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2569e19bbd21f382022-01-05 10:02:52.211root 11241100x80000000000000006959685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58708a1f6bb703bd2022-01-05 10:02:52.710root 11241100x80000000000000006959686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f230fa9cad86492022-01-05 10:02:52.710root 11241100x80000000000000006959687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92fbc355288b87a2022-01-05 10:02:52.710root 11241100x80000000000000006959688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b25a735cb2724012022-01-05 10:02:52.710root 11241100x80000000000000006959689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdd33fa65675d5d2022-01-05 10:02:52.710root 11241100x80000000000000006959690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2156dd4627c056222022-01-05 10:02:52.710root 11241100x80000000000000006959691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b456aae4a4f4fe2022-01-05 10:02:52.710root 11241100x80000000000000006959692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da353d86afd725d42022-01-05 10:02:52.710root 11241100x80000000000000006959693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbd852840fa48172022-01-05 10:02:52.710root 11241100x80000000000000006959694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033d9b2fc57a6c152022-01-05 10:02:52.711root 11241100x80000000000000006959695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15620553638766c2022-01-05 10:02:52.711root 11241100x80000000000000006959696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca53db08bef0a0d2022-01-05 10:02:52.711root 11241100x80000000000000006959697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273e0488b79f219c2022-01-05 10:02:52.711root 11241100x80000000000000006959698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0896aa2d9272ef2022-01-05 10:02:52.711root 11241100x80000000000000006959699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2d9c7d688458c32022-01-05 10:02:52.711root 11241100x80000000000000006959700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7beca7802cb1adb2022-01-05 10:02:52.711root 11241100x80000000000000006959701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319f5eca3870e0a22022-01-05 10:02:52.711root 11241100x80000000000000006959702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcea310288034ea42022-01-05 10:02:52.711root 11241100x80000000000000006959703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876c40f1bf5893bf2022-01-05 10:02:52.711root 11241100x80000000000000006959704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acbe82258ea93562022-01-05 10:02:52.711root 11241100x80000000000000006959705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38359c604139d5f42022-01-05 10:02:52.711root 11241100x80000000000000006959706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247bd27cf549261d2022-01-05 10:02:52.711root 11241100x80000000000000006959707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8890da2d47e210cc2022-01-05 10:02:52.712root 11241100x80000000000000006959708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:52.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d9f73315be65e92022-01-05 10:02:52.712root 11241100x80000000000000006959709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e01d347294f002d2022-01-05 10:02:53.210root 11241100x80000000000000006959710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93240cf4235508612022-01-05 10:02:53.210root 11241100x80000000000000006959711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ace55db322fe5492022-01-05 10:02:53.210root 11241100x80000000000000006959712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5262d6812fa22bc82022-01-05 10:02:53.210root 11241100x80000000000000006959713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a836d1101e5dae72022-01-05 10:02:53.210root 11241100x80000000000000006959714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff77d4fbe0426e152022-01-05 10:02:53.210root 11241100x80000000000000006959715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd2ed1d9c6fa0a82022-01-05 10:02:53.210root 11241100x80000000000000006959716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49be0c985af40f622022-01-05 10:02:53.210root 11241100x80000000000000006959717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08741bcf9b9ade02022-01-05 10:02:53.210root 11241100x80000000000000006959718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dddf04d5ac89122022-01-05 10:02:53.210root 11241100x80000000000000006959719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7c33f4831766682022-01-05 10:02:53.211root 11241100x80000000000000006959720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14016aaa74e808022022-01-05 10:02:53.211root 11241100x80000000000000006959721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a3268a5c3f45222022-01-05 10:02:53.211root 11241100x80000000000000006959722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33f5dc7314bc3392022-01-05 10:02:53.211root 11241100x80000000000000006959723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cb73eaa8db607f2022-01-05 10:02:53.211root 11241100x80000000000000006959724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ba860b328a88952022-01-05 10:02:53.211root 11241100x80000000000000006959725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db4761b961f3be72022-01-05 10:02:53.211root 11241100x80000000000000006959726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b8ef3ee7e5b9222022-01-05 10:02:53.211root 11241100x80000000000000006959727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cf3c68bb85afe12022-01-05 10:02:53.211root 11241100x80000000000000006959728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c996e33e8505a3e12022-01-05 10:02:53.211root 11241100x80000000000000006959729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171a9768ed80911a2022-01-05 10:02:53.211root 11241100x80000000000000006959730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe57bd3183711012022-01-05 10:02:53.211root 11241100x80000000000000006959731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddf1dac2cf57cb92022-01-05 10:02:53.211root 11241100x80000000000000006959732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc68285fde4a80a2022-01-05 10:02:53.212root 11241100x80000000000000006959733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd8c08998b165842022-01-05 10:02:53.710root 11241100x80000000000000006959734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e0137f4476f61f2022-01-05 10:02:53.710root 11241100x80000000000000006959735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44ded7457efb2382022-01-05 10:02:53.710root 11241100x80000000000000006959736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84962b4356830acf2022-01-05 10:02:53.710root 11241100x80000000000000006959737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd016c159b6193942022-01-05 10:02:53.710root 11241100x80000000000000006959738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e5d3f754b1bca62022-01-05 10:02:53.710root 11241100x80000000000000006959739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1732a517ef4d739f2022-01-05 10:02:53.710root 11241100x80000000000000006959740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297d2332b104e1ee2022-01-05 10:02:53.710root 11241100x80000000000000006959741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc9c101f252eb162022-01-05 10:02:53.711root 11241100x80000000000000006959742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfe783a2ecdc9902022-01-05 10:02:53.711root 11241100x80000000000000006959743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f442ee0506c889e52022-01-05 10:02:53.711root 11241100x80000000000000006959744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f0cd8daf6029fd2022-01-05 10:02:53.711root 11241100x80000000000000006959745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8d44192413f0292022-01-05 10:02:53.711root 11241100x80000000000000006959746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4da4f43eb3106032022-01-05 10:02:53.711root 11241100x80000000000000006959747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca028f6af4b2c3e62022-01-05 10:02:53.711root 11241100x80000000000000006959748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3153fdc96aed38102022-01-05 10:02:53.711root 11241100x80000000000000006959749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a620311b04b8aff02022-01-05 10:02:53.711root 11241100x80000000000000006959750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebef2b89bdb4a462022-01-05 10:02:53.712root 11241100x80000000000000006959751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ea597239a381ed2022-01-05 10:02:53.712root 11241100x80000000000000006959752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b503b2124dfb322022-01-05 10:02:53.712root 11241100x80000000000000006959753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccfcbc3df073db22022-01-05 10:02:53.712root 11241100x80000000000000006959754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f553a3bff5e3f4c02022-01-05 10:02:53.712root 11241100x80000000000000006959755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7655842f214c8072022-01-05 10:02:53.712root 11241100x80000000000000006959756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:53.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb3aa5096d727ee2022-01-05 10:02:53.712root 11241100x80000000000000006959757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718cf6d688fa24802022-01-05 10:02:54.209root 11241100x80000000000000006959758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06844aa174585e92022-01-05 10:02:54.209root 11241100x80000000000000006959759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc42712610e79f52022-01-05 10:02:54.209root 11241100x80000000000000006959760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ba7908cd43286e2022-01-05 10:02:54.209root 11241100x80000000000000006959761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b9b94b7d0e261b2022-01-05 10:02:54.209root 11241100x80000000000000006959762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d72e5fadcb622d2022-01-05 10:02:54.210root 11241100x80000000000000006959763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a3f0504348826f2022-01-05 10:02:54.210root 11241100x80000000000000006959764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e0b738765999ed2022-01-05 10:02:54.210root 11241100x80000000000000006959765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c7347a5e6a4c6f2022-01-05 10:02:54.210root 11241100x80000000000000006959766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6585fc6d323bdc2022-01-05 10:02:54.210root 11241100x80000000000000006959767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35cf61b632b41e42022-01-05 10:02:54.210root 11241100x80000000000000006959768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f162ea8186d5e82022-01-05 10:02:54.210root 11241100x80000000000000006959769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9018363b60514f2022-01-05 10:02:54.210root 11241100x80000000000000006959770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e4005444fb5f0d2022-01-05 10:02:54.210root 11241100x80000000000000006959771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc93c725f0b4ba52022-01-05 10:02:54.211root 11241100x80000000000000006959772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f02773bcf372a7d2022-01-05 10:02:54.211root 11241100x80000000000000006959773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef41e6dab016c3b02022-01-05 10:02:54.211root 11241100x80000000000000006959774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fd26831049100c2022-01-05 10:02:54.211root 11241100x80000000000000006959775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53aa4dccd183dbb2022-01-05 10:02:54.211root 11241100x80000000000000006959776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef81b332595f71e42022-01-05 10:02:54.211root 11241100x80000000000000006959777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c278975c1e586f012022-01-05 10:02:54.211root 11241100x80000000000000006959778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af5345f9a8778982022-01-05 10:02:54.211root 11241100x80000000000000006959779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a173f2c05d2121d82022-01-05 10:02:54.211root 11241100x80000000000000006959780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a32f923942c88a2022-01-05 10:02:54.211root 11241100x80000000000000006959781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea75ed91e35be422022-01-05 10:02:54.211root 11241100x80000000000000006959782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ed49196b6107c92022-01-05 10:02:54.211root 11241100x80000000000000006959783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13becca36879cc082022-01-05 10:02:54.211root 11241100x80000000000000006959784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb1aedded28b9082022-01-05 10:02:54.212root 11241100x80000000000000006959785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81af39596b04dc022022-01-05 10:02:54.212root 11241100x80000000000000006959786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed34d2800f1e0612022-01-05 10:02:54.212root 11241100x80000000000000006959787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6f98112eeab4762022-01-05 10:02:54.212root 11241100x80000000000000006959788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f2eebe7ea374502022-01-05 10:02:54.212root 11241100x80000000000000006959789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84305be5354348f02022-01-05 10:02:54.212root 11241100x80000000000000006959790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e318dcb2c0f5a26d2022-01-05 10:02:54.709root 11241100x80000000000000006959791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2cafed3e3f5cc92022-01-05 10:02:54.710root 11241100x80000000000000006959792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1ef9b17e0800172022-01-05 10:02:54.710root 11241100x80000000000000006959793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582e5c26d79072862022-01-05 10:02:54.710root 11241100x80000000000000006959794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7938ca552469bdfa2022-01-05 10:02:54.710root 11241100x80000000000000006959795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4bd71cc6c543c32022-01-05 10:02:54.710root 11241100x80000000000000006959796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1821c13c9add503d2022-01-05 10:02:54.710root 11241100x80000000000000006959797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35559683d3f33ccf2022-01-05 10:02:54.710root 11241100x80000000000000006959798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14efd5afb91f00cd2022-01-05 10:02:54.710root 11241100x80000000000000006959799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3acff69b7b17cfb2022-01-05 10:02:54.710root 11241100x80000000000000006959800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc4470ebfe34e372022-01-05 10:02:54.710root 11241100x80000000000000006959801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38b0f2ec2ec26e62022-01-05 10:02:54.710root 11241100x80000000000000006959802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0baba68ad7d6392022-01-05 10:02:54.710root 11241100x80000000000000006959803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0eb97c2356a48c22022-01-05 10:02:54.710root 11241100x80000000000000006959804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2bdc13d6e10f072022-01-05 10:02:54.711root 11241100x80000000000000006959805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e781db83cd3ca4a2022-01-05 10:02:54.711root 11241100x80000000000000006959806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6275f393acc7a92022-01-05 10:02:54.711root 11241100x80000000000000006959807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9e8bf60cf1f6272022-01-05 10:02:54.711root 11241100x80000000000000006959808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb454d324cb54c9c2022-01-05 10:02:54.711root 11241100x80000000000000006959809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45be77962d2498522022-01-05 10:02:54.711root 11241100x80000000000000006959810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c813ded1241290082022-01-05 10:02:54.711root 11241100x80000000000000006959811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82782bc86c931b132022-01-05 10:02:54.711root 11241100x80000000000000006959812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4107e20be206fe122022-01-05 10:02:54.711root 11241100x80000000000000006959813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:54.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03988a8c328c0e1c2022-01-05 10:02:54.711root 11241100x80000000000000006959814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468b3b50a57b16972022-01-05 10:02:55.210root 11241100x80000000000000006959815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1324c227804b3e22022-01-05 10:02:55.210root 11241100x80000000000000006959816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da0de793337dc812022-01-05 10:02:55.211root 11241100x80000000000000006959817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a19e0fdd5b54b92022-01-05 10:02:55.211root 11241100x80000000000000006959818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6869574795e67d22022-01-05 10:02:55.211root 11241100x80000000000000006959819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6408a1bf1a8a282022-01-05 10:02:55.211root 11241100x80000000000000006959820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3e0dbfac27a86e2022-01-05 10:02:55.211root 11241100x80000000000000006959821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdfd1a4a0d5e8972022-01-05 10:02:55.212root 11241100x80000000000000006959822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a9ef0efa2846cc2022-01-05 10:02:55.212root 11241100x80000000000000006959823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e852f3559f5db6a92022-01-05 10:02:55.212root 11241100x80000000000000006959824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e661a9acc5add12022-01-05 10:02:55.212root 11241100x80000000000000006959825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eff1acaa43247c22022-01-05 10:02:55.212root 11241100x80000000000000006959826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181cebd75939f1002022-01-05 10:02:55.212root 11241100x80000000000000006959827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d6a8d8b2d09e832022-01-05 10:02:55.212root 11241100x80000000000000006959828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaa80e051fb5dc52022-01-05 10:02:55.212root 11241100x80000000000000006959829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e85427616589e1b2022-01-05 10:02:55.213root 11241100x80000000000000006959830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cc195e99f40ef22022-01-05 10:02:55.213root 11241100x80000000000000006959831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dfa814aa5b967d2022-01-05 10:02:55.213root 11241100x80000000000000006959832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f172847295088b2022-01-05 10:02:55.213root 11241100x80000000000000006959833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbbaf1c4899e6dc2022-01-05 10:02:55.213root 11241100x80000000000000006959834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe53c0bd02358972022-01-05 10:02:55.213root 11241100x80000000000000006959835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f336fb35f27fd45b2022-01-05 10:02:55.213root 11241100x80000000000000006959836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07c88bda60a32d62022-01-05 10:02:55.213root 11241100x80000000000000006959837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6962a8db3d58532022-01-05 10:02:55.214root 11241100x80000000000000006959838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbecc4c9e64dd472022-01-05 10:02:55.710root 11241100x80000000000000006959839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a95ace4844aa232022-01-05 10:02:55.710root 11241100x80000000000000006959840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe274926f0052dc2022-01-05 10:02:55.710root 11241100x80000000000000006959841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54267362909b9a62022-01-05 10:02:55.710root 11241100x80000000000000006959842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77498d5f445bd1ec2022-01-05 10:02:55.710root 11241100x80000000000000006959843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24f7136ef5036c92022-01-05 10:02:55.710root 11241100x80000000000000006959844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf89846f78b26f202022-01-05 10:02:55.710root 11241100x80000000000000006959845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c643f14ed285cf0b2022-01-05 10:02:55.710root 11241100x80000000000000006959846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02ab53a3ddbfdc42022-01-05 10:02:55.711root 11241100x80000000000000006959847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed3ead8957f64012022-01-05 10:02:55.711root 11241100x80000000000000006959848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53637466349ca6312022-01-05 10:02:55.711root 11241100x80000000000000006959849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26257a8d80d4bb62022-01-05 10:02:55.711root 11241100x80000000000000006959850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb7dab9db4501ea2022-01-05 10:02:55.711root 11241100x80000000000000006959851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d4535012660eab2022-01-05 10:02:55.711root 11241100x80000000000000006959852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e41b0a0e2720a42022-01-05 10:02:55.711root 11241100x80000000000000006959853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01761caf172eb3a02022-01-05 10:02:55.711root 11241100x80000000000000006959854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b3bdbd872cbfc02022-01-05 10:02:55.711root 11241100x80000000000000006959855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb7f626c36bab7f2022-01-05 10:02:55.711root 11241100x80000000000000006959856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948cee2808337a032022-01-05 10:02:55.711root 11241100x80000000000000006959857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e5359290a4caad2022-01-05 10:02:55.711root 11241100x80000000000000006959858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1ea653663444192022-01-05 10:02:55.711root 11241100x80000000000000006959859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b94ca33034f0d52022-01-05 10:02:55.711root 11241100x80000000000000006959860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188be932a99169dc2022-01-05 10:02:55.712root 11241100x80000000000000006959861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:55.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5fc0ce3558ffc32022-01-05 10:02:55.712root 354300x80000000000000006959862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.133{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41720-false10.0.1.12-8000- 11241100x80000000000000006959863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6ace00ae25de272022-01-05 10:02:56.134root 11241100x80000000000000006959864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9035675f0cdcfe42022-01-05 10:02:56.134root 11241100x80000000000000006959865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175fe87d8b65edff2022-01-05 10:02:56.134root 11241100x80000000000000006959866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ebafdd67840bcb2022-01-05 10:02:56.134root 11241100x80000000000000006959867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c877a81f2764d02022-01-05 10:02:56.134root 11241100x80000000000000006959868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf4fce3574b1a172022-01-05 10:02:56.134root 11241100x80000000000000006959869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c0d9f5189a9af12022-01-05 10:02:56.134root 11241100x80000000000000006959870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec5a9ad8de74a672022-01-05 10:02:56.135root 11241100x80000000000000006959871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35d143ccce4de5f2022-01-05 10:02:56.135root 11241100x80000000000000006959872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f207503b4df72e12022-01-05 10:02:56.135root 11241100x80000000000000006959873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1934a0c7196937b82022-01-05 10:02:56.135root 11241100x80000000000000006959874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300c9a0c6dcbd4ff2022-01-05 10:02:56.135root 11241100x80000000000000006959875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e090d06b0a384f2022-01-05 10:02:56.135root 11241100x80000000000000006959876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd0f8372daa798f2022-01-05 10:02:56.135root 11241100x80000000000000006959877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4135fb3d7c92e8872022-01-05 10:02:56.135root 11241100x80000000000000006959878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1439d05dfc46112022-01-05 10:02:56.135root 11241100x80000000000000006959879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358e874b1b4a9faf2022-01-05 10:02:56.135root 11241100x80000000000000006959880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1729b2ed7daab52022-01-05 10:02:56.135root 11241100x80000000000000006959881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6191174ffe07f4722022-01-05 10:02:56.135root 11241100x80000000000000006959882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98946bce570a566b2022-01-05 10:02:56.135root 11241100x80000000000000006959883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5ba987b5e3ca032022-01-05 10:02:56.135root 11241100x80000000000000006959884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b14e8096ab15b02022-01-05 10:02:56.135root 11241100x80000000000000006959885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a865cb2baea8470c2022-01-05 10:02:56.135root 11241100x80000000000000006959886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400c20c2ff5330022022-01-05 10:02:56.136root 11241100x80000000000000006959887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029e1c51274f1f632022-01-05 10:02:56.136root 11241100x80000000000000006959888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcb82376d3b48022022-01-05 10:02:56.136root 11241100x80000000000000006959889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079edc2a9b7722f12022-01-05 10:02:56.136root 11241100x80000000000000006959890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4210d0fda62fc022022-01-05 10:02:56.136root 11241100x80000000000000006959891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc2ed0e514a0b202022-01-05 10:02:56.136root 11241100x80000000000000006959892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cac77ec04dc4e492022-01-05 10:02:56.136root 11241100x80000000000000006959893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a63548c3ae478c42022-01-05 10:02:56.136root 11241100x80000000000000006959894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e561d9c75a6c2f2022-01-05 10:02:56.136root 11241100x80000000000000006959895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a00557d4dfa76c2022-01-05 10:02:56.136root 11241100x80000000000000006959896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f000c84ac10ce7ff2022-01-05 10:02:56.136root 11241100x80000000000000006959897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d1de4e48c960be2022-01-05 10:02:56.136root 11241100x80000000000000006959898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772beef01aba569c2022-01-05 10:02:56.136root 11241100x80000000000000006959899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e56ebf933a1fbc72022-01-05 10:02:56.136root 11241100x80000000000000006959900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.137{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515a2a8d7c00b8702022-01-05 10:02:56.137root 11241100x80000000000000006959901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.137{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446ef06dbe37b3412022-01-05 10:02:56.137root 11241100x80000000000000006959902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.137{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53386fb383190602022-01-05 10:02:56.137root 11241100x80000000000000006959903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6aa54d9796b3ce2022-01-05 10:02:56.460root 11241100x80000000000000006959904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8855f3d987004ef32022-01-05 10:02:56.460root 11241100x80000000000000006959905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1719a566be3e79262022-01-05 10:02:56.460root 11241100x80000000000000006959906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6085e332df5b24422022-01-05 10:02:56.460root 11241100x80000000000000006959907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4e7c3167d11b552022-01-05 10:02:56.460root 11241100x80000000000000006959908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfdddf7da7da6f92022-01-05 10:02:56.460root 11241100x80000000000000006959909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86086efe144da51c2022-01-05 10:02:56.460root 11241100x80000000000000006959910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b089421529fd382022-01-05 10:02:56.460root 11241100x80000000000000006959911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48703fb1f199d0b72022-01-05 10:02:56.460root 11241100x80000000000000006959912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95888bf3c4edcc392022-01-05 10:02:56.461root 11241100x80000000000000006959913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c874a9bfebd2daa52022-01-05 10:02:56.461root 11241100x80000000000000006959914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ae9284833636b22022-01-05 10:02:56.461root 11241100x80000000000000006959915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0178105027e20d8d2022-01-05 10:02:56.461root 11241100x80000000000000006959916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6874f5f389b24c2b2022-01-05 10:02:56.462root 11241100x80000000000000006959917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920cbf86ec1a1cfe2022-01-05 10:02:56.462root 11241100x80000000000000006959918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ef62012f57375d2022-01-05 10:02:56.462root 11241100x80000000000000006959919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2636bf214e99642022-01-05 10:02:56.462root 11241100x80000000000000006959920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d2de62ef3cb4242022-01-05 10:02:56.463root 11241100x80000000000000006959921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e038637dd4543f6a2022-01-05 10:02:56.463root 11241100x80000000000000006959922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1db6bd0422fca4e2022-01-05 10:02:56.464root 11241100x80000000000000006959923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31e28ed580eb1412022-01-05 10:02:56.464root 11241100x80000000000000006959924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fdbb25e1ea42582022-01-05 10:02:56.465root 11241100x80000000000000006959925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633c699efd396a682022-01-05 10:02:56.466root 11241100x80000000000000006959926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c960ad14fd877f2022-01-05 10:02:56.466root 11241100x80000000000000006959927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51722226f4d16f92022-01-05 10:02:56.466root 11241100x80000000000000006959928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27df107829b26d32022-01-05 10:02:56.960root 11241100x80000000000000006959929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fd8c4c0bcd798a2022-01-05 10:02:56.960root 11241100x80000000000000006959930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7fd0f9b8b5f2612022-01-05 10:02:56.960root 11241100x80000000000000006959931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a318db761f66834a2022-01-05 10:02:56.960root 11241100x80000000000000006959932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c00b508cc123302022-01-05 10:02:56.960root 11241100x80000000000000006959933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e51af3ed4d8b8bf2022-01-05 10:02:56.960root 11241100x80000000000000006959934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233a3007d8e9ab472022-01-05 10:02:56.960root 11241100x80000000000000006959935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8c26fbc6e208712022-01-05 10:02:56.960root 11241100x80000000000000006959936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e7d2342359644a2022-01-05 10:02:56.960root 11241100x80000000000000006959937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6cbe4772aa78c32022-01-05 10:02:56.961root 11241100x80000000000000006959938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7424db84b025bd902022-01-05 10:02:56.961root 11241100x80000000000000006959939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfd4597f0e3a5ea2022-01-05 10:02:56.961root 11241100x80000000000000006959940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb2c312fbd229c72022-01-05 10:02:56.961root 11241100x80000000000000006959941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379f977dc0b44ec82022-01-05 10:02:56.961root 11241100x80000000000000006959942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43abcef0142091f2022-01-05 10:02:56.961root 11241100x80000000000000006959943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590abbda159097eb2022-01-05 10:02:56.961root 11241100x80000000000000006959944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd5f21c2f65a14a2022-01-05 10:02:56.961root 11241100x80000000000000006959945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00e5ce02ce09b932022-01-05 10:02:56.961root 11241100x80000000000000006959946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e76ff2b4516ead2022-01-05 10:02:56.961root 11241100x80000000000000006959947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1405999bd6d19fbc2022-01-05 10:02:56.961root 11241100x80000000000000006959948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e883b85648d0fc2022-01-05 10:02:56.961root 11241100x80000000000000006959949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a123451a28068b522022-01-05 10:02:56.961root 11241100x80000000000000006959950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce36a67a70b9afe82022-01-05 10:02:56.961root 11241100x80000000000000006959951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e3fbcd9ea45ce32022-01-05 10:02:56.962root 11241100x80000000000000006959952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:56.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90b98d6ed1c25ac2022-01-05 10:02:56.962root 11241100x80000000000000006959953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8182711849102572022-01-05 10:02:57.460root 11241100x80000000000000006959954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a413230b7bd4646c2022-01-05 10:02:57.460root 11241100x80000000000000006959955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ba98d1ad7eb1302022-01-05 10:02:57.460root 11241100x80000000000000006959956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5de684f0fcc2af92022-01-05 10:02:57.460root 11241100x80000000000000006959957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37454f2026d331102022-01-05 10:02:57.460root 11241100x80000000000000006959958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16563fc0df5558be2022-01-05 10:02:57.460root 11241100x80000000000000006959959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299afa6707e829622022-01-05 10:02:57.460root 11241100x80000000000000006959960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57a17aa0da5cafa2022-01-05 10:02:57.460root 11241100x80000000000000006959961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21541e431edbf5d2022-01-05 10:02:57.460root 11241100x80000000000000006959962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abcb8c0d022cc502022-01-05 10:02:57.461root 11241100x80000000000000006959963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b469a2944a3ea42022-01-05 10:02:57.461root 11241100x80000000000000006959964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de13759967f618a2022-01-05 10:02:57.461root 11241100x80000000000000006959965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e492b4c1dbf0e12022-01-05 10:02:57.461root 11241100x80000000000000006959966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876b7e7b1e0bb9832022-01-05 10:02:57.461root 11241100x80000000000000006959967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9657eb538d4fb2ce2022-01-05 10:02:57.461root 11241100x80000000000000006959968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a1f07394ab1e652022-01-05 10:02:57.462root 11241100x80000000000000006959969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439c68a232b523892022-01-05 10:02:57.462root 11241100x80000000000000006959970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f0b4dd32772e522022-01-05 10:02:57.462root 11241100x80000000000000006959971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397bc11ca3961b4f2022-01-05 10:02:57.463root 11241100x80000000000000006959972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65b0f54d0d805cc2022-01-05 10:02:57.463root 11241100x80000000000000006959973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcd507c3423a9a72022-01-05 10:02:57.463root 11241100x80000000000000006959974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4d066d214d274f2022-01-05 10:02:57.464root 11241100x80000000000000006959975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c554e8c87cef72022022-01-05 10:02:57.464root 11241100x80000000000000006959976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0989b8f3749b8d492022-01-05 10:02:57.464root 11241100x80000000000000006959977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aea0989654d2ec2022-01-05 10:02:57.464root 11241100x80000000000000006959978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1b6a05362d66412022-01-05 10:02:57.960root 11241100x80000000000000006959979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1912879ae3f959d2022-01-05 10:02:57.960root 11241100x80000000000000006959980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2541e1e1e74a4bd2022-01-05 10:02:57.960root 11241100x80000000000000006959981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091228b0c7574cd82022-01-05 10:02:57.960root 11241100x80000000000000006959982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7945a4d171eeb8f52022-01-05 10:02:57.960root 11241100x80000000000000006959983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a6c3fe207fa2ac2022-01-05 10:02:57.960root 11241100x80000000000000006959984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8574f6e7a0a2672022-01-05 10:02:57.960root 11241100x80000000000000006959985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7db48337fdc4e472022-01-05 10:02:57.960root 11241100x80000000000000006959986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f3c489e85630262022-01-05 10:02:57.960root 11241100x80000000000000006959987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820b41d749e68f4f2022-01-05 10:02:57.961root 11241100x80000000000000006959988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98d7a1ee369d8ca2022-01-05 10:02:57.961root 11241100x80000000000000006959989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07720124ff754352022-01-05 10:02:57.961root 11241100x80000000000000006959990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315904217eb3f41f2022-01-05 10:02:57.961root 11241100x80000000000000006959991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bb3b65d711a7b42022-01-05 10:02:57.961root 11241100x80000000000000006959992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d68fe618ef67c82022-01-05 10:02:57.961root 11241100x80000000000000006959993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61448a24449f3bf2022-01-05 10:02:57.961root 11241100x80000000000000006959994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5d97126d2142542022-01-05 10:02:57.961root 11241100x80000000000000006959995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae5dd9968bd64c22022-01-05 10:02:57.962root 11241100x80000000000000006959996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25e7ebcab87a2e32022-01-05 10:02:57.962root 11241100x80000000000000006959997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4364d96738dd5bc52022-01-05 10:02:57.962root 11241100x80000000000000006959998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fd1666e3a847cc2022-01-05 10:02:57.962root 11241100x80000000000000006959999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39490e2576ca03ec2022-01-05 10:02:57.962root 11241100x80000000000000006960000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240bad67a8fb0b252022-01-05 10:02:57.962root 11241100x80000000000000006960001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb2211afa917a892022-01-05 10:02:57.962root 11241100x80000000000000006960002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27361410d46a0aaf2022-01-05 10:02:57.962root 11241100x80000000000000006960003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1c63e1f3de6fe92022-01-05 10:02:58.460root 11241100x80000000000000006960004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7133113ae8d47b2022-01-05 10:02:58.460root 11241100x80000000000000006960005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f3ae92e6499d7c2022-01-05 10:02:58.460root 11241100x80000000000000006960006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6309167de546d0322022-01-05 10:02:58.460root 11241100x80000000000000006960007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e54c66f5c0049732022-01-05 10:02:58.460root 11241100x80000000000000006960008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c450c936ff8ea4ef2022-01-05 10:02:58.461root 11241100x80000000000000006960009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e830ee76efe58c2b2022-01-05 10:02:58.461root 11241100x80000000000000006960010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7f0898ca2549d82022-01-05 10:02:58.461root 11241100x80000000000000006960011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de51ffa690a500ae2022-01-05 10:02:58.461root 11241100x80000000000000006960012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6881a5bb8d1a00a2022-01-05 10:02:58.461root 11241100x80000000000000006960013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29317dba4e7043eb2022-01-05 10:02:58.461root 11241100x80000000000000006960014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e36aa64c185ae02022-01-05 10:02:58.462root 11241100x80000000000000006960015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6631af81ecffb752022-01-05 10:02:58.462root 11241100x80000000000000006960016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579f7fe92a9d2de82022-01-05 10:02:58.462root 11241100x80000000000000006960017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbc34ae639ee8cf2022-01-05 10:02:58.462root 11241100x80000000000000006960018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3c950764a66e882022-01-05 10:02:58.462root 11241100x80000000000000006960019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6685a3056af22c162022-01-05 10:02:58.462root 11241100x80000000000000006960020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98237e46e32c19b2022-01-05 10:02:58.462root 11241100x80000000000000006960021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa0551f16c967e52022-01-05 10:02:58.462root 11241100x80000000000000006960022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94915af9f97934ce2022-01-05 10:02:58.462root 11241100x80000000000000006960023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccad688f88491182022-01-05 10:02:58.462root 11241100x80000000000000006960024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0771dca09be21c0c2022-01-05 10:02:58.463root 11241100x80000000000000006960025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30daff1e499ce2c22022-01-05 10:02:58.463root 11241100x80000000000000006960026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667c7daa4166fb472022-01-05 10:02:58.463root 11241100x80000000000000006960027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63dd11f4b4af6ee62022-01-05 10:02:58.463root 11241100x80000000000000006960028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be4a783808cde452022-01-05 10:02:58.960root 11241100x80000000000000006960029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabd40b3c511f9522022-01-05 10:02:58.960root 11241100x80000000000000006960030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8060290542e8e02e2022-01-05 10:02:58.960root 11241100x80000000000000006960031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9925c842668bd1ac2022-01-05 10:02:58.960root 11241100x80000000000000006960032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5184d158761c082022-01-05 10:02:58.960root 11241100x80000000000000006960033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b57ac278507e292022-01-05 10:02:58.960root 11241100x80000000000000006960034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5379d5f16b2feb2022-01-05 10:02:58.960root 11241100x80000000000000006960035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370497dca0dfc4222022-01-05 10:02:58.960root 11241100x80000000000000006960036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d032ad4c1928142022-01-05 10:02:58.960root 11241100x80000000000000006960037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97582c6d5a51ad8e2022-01-05 10:02:58.960root 11241100x80000000000000006960038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b4714d0a5db73a2022-01-05 10:02:58.961root 11241100x80000000000000006960039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ef1764f9db8cc72022-01-05 10:02:58.961root 11241100x80000000000000006960040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b19e1a135a3ebd2022-01-05 10:02:58.961root 11241100x80000000000000006960041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82735007315cd1362022-01-05 10:02:58.961root 11241100x80000000000000006960042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c40af3cc2b59c82022-01-05 10:02:58.961root 11241100x80000000000000006960043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d387ceb98c970582022-01-05 10:02:58.961root 11241100x80000000000000006960044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80bb91d4e9e8acb2022-01-05 10:02:58.961root 11241100x80000000000000006960045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee746e0d2bc983f2022-01-05 10:02:58.961root 11241100x80000000000000006960046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b535194ec4edb82022-01-05 10:02:58.962root 11241100x80000000000000006960047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eba80aeda4258f62022-01-05 10:02:58.962root 11241100x80000000000000006960048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd25e572ebe97ace2022-01-05 10:02:58.962root 11241100x80000000000000006960049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731d6dd579e922f42022-01-05 10:02:58.962root 11241100x80000000000000006960050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b4a0ac08d1e9d72022-01-05 10:02:58.962root 11241100x80000000000000006960051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b018b408b878662022-01-05 10:02:58.962root 11241100x80000000000000006960052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d1d4cfac36672b2022-01-05 10:02:58.962root 11241100x80000000000000006960053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.220{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 10:02:59.220root 11241100x80000000000000006960054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8776d18a9b528bbc2022-01-05 10:02:59.221root 11241100x80000000000000006960055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf1d874b87804f02022-01-05 10:02:59.222root 11241100x80000000000000006960056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcabf3773ec6b5572022-01-05 10:02:59.222root 11241100x80000000000000006960057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df8af911cfbd6a82022-01-05 10:02:59.222root 11241100x80000000000000006960058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75932f77d555e1e82022-01-05 10:02:59.222root 11241100x80000000000000006960059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bfa1ae9963bfad2022-01-05 10:02:59.223root 11241100x80000000000000006960060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b30e12bf459e4222022-01-05 10:02:59.223root 11241100x80000000000000006960061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84610ac3508d88192022-01-05 10:02:59.223root 11241100x80000000000000006960062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e4d40381e63ff02022-01-05 10:02:59.223root 11241100x80000000000000006960063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b115fcb1f628cfe62022-01-05 10:02:59.224root 11241100x80000000000000006960064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd42b8fce4b3d8b2022-01-05 10:02:59.224root 11241100x80000000000000006960065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3adfbbc596aa222022-01-05 10:02:59.225root 11241100x80000000000000006960066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6640aa01d457b0a22022-01-05 10:02:59.225root 11241100x80000000000000006960067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbb7163d02113382022-01-05 10:02:59.226root 11241100x80000000000000006960068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44e2873665553ee2022-01-05 10:02:59.226root 11241100x80000000000000006960069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87ac8eb495e72532022-01-05 10:02:59.226root 11241100x80000000000000006960070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe1c03b101969b42022-01-05 10:02:59.226root 11241100x80000000000000006960071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d888bc000a7acc9d2022-01-05 10:02:59.226root 11241100x80000000000000006960072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4e547a56dccd9f2022-01-05 10:02:59.227root 11241100x80000000000000006960073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff533864bac6b962022-01-05 10:02:59.227root 11241100x80000000000000006960074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7ee21de88a94d42022-01-05 10:02:59.227root 11241100x80000000000000006960075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e952990df44c7cf22022-01-05 10:02:59.228root 11241100x80000000000000006960076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27f229f6f1c91bc2022-01-05 10:02:59.228root 11241100x80000000000000006960077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3cc524105a337d2022-01-05 10:02:59.228root 11241100x80000000000000006960078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d407e0ac68c94c2022-01-05 10:02:59.229root 11241100x80000000000000006960079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f34114cbcf3f2172022-01-05 10:02:59.229root 11241100x80000000000000006960080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e59f5db4106fafa2022-01-05 10:02:59.229root 11241100x80000000000000006960081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c6045b13e9ac032022-01-05 10:02:59.229root 11241100x80000000000000006960082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ec9d8e9fe3c8202022-01-05 10:02:59.229root 11241100x80000000000000006960083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d876fa1b17950a912022-01-05 10:02:59.229root 11241100x80000000000000006960084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c1b26af5256a842022-01-05 10:02:59.229root 11241100x80000000000000006960085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e19ea5c3a75f6bd2022-01-05 10:02:59.229root 11241100x80000000000000006960086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c2fad1258e08d12022-01-05 10:02:59.229root 11241100x80000000000000006960087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83be3b985d4b1e6a2022-01-05 10:02:59.230root 11241100x80000000000000006960088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c7e256e9fad5fe2022-01-05 10:02:59.230root 11241100x80000000000000006960089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7076ba180f059c2022-01-05 10:02:59.710root 11241100x80000000000000006960090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3d108785a607012022-01-05 10:02:59.710root 11241100x80000000000000006960091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cc91b14eb243bf2022-01-05 10:02:59.710root 11241100x80000000000000006960092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef593dc028a98b72022-01-05 10:02:59.710root 11241100x80000000000000006960093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe4ca135e0d008c2022-01-05 10:02:59.710root 11241100x80000000000000006960094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a79bbe2c7337aa52022-01-05 10:02:59.710root 11241100x80000000000000006960095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaab010ab008852e2022-01-05 10:02:59.711root 11241100x80000000000000006960096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd022f402a31e022022-01-05 10:02:59.711root 11241100x80000000000000006960097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5260c9a2ca99e8d82022-01-05 10:02:59.712root 11241100x80000000000000006960098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a5de5b65a450e62022-01-05 10:02:59.712root 11241100x80000000000000006960099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4bcc38a28aa7732022-01-05 10:02:59.712root 11241100x80000000000000006960100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a92235eeafeb7bb2022-01-05 10:02:59.712root 11241100x80000000000000006960101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5111c775c7422e572022-01-05 10:02:59.712root 11241100x80000000000000006960102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f597cfdcca106b2022-01-05 10:02:59.712root 11241100x80000000000000006960103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb70d754c1b24bfa2022-01-05 10:02:59.713root 11241100x80000000000000006960104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c468d02a9b4e846e2022-01-05 10:02:59.713root 11241100x80000000000000006960105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c0e630e4ce8fb72022-01-05 10:02:59.713root 11241100x80000000000000006960106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03f973366a257c92022-01-05 10:02:59.713root 11241100x80000000000000006960107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa45f74bda9a0cec2022-01-05 10:02:59.714root 11241100x80000000000000006960108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b625d3b983ab7622022-01-05 10:02:59.714root 11241100x80000000000000006960109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48586bc49c155dc2022-01-05 10:02:59.714root 11241100x80000000000000006960110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369e551f8ed4ea162022-01-05 10:02:59.715root 11241100x80000000000000006960111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e66fa3eaeb34d772022-01-05 10:02:59.715root 11241100x80000000000000006960112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9299a42c047a16802022-01-05 10:02:59.715root 11241100x80000000000000006960113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1ff8e1e93136502022-01-05 10:02:59.716root 11241100x80000000000000006960114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:59.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af0c186df8591992022-01-05 10:02:59.716root 11241100x80000000000000006960115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69994c959ec7c1472022-01-05 10:03:00.210root 11241100x80000000000000006960116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89036bbb742059892022-01-05 10:03:00.210root 11241100x80000000000000006960117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbf3fb2c076c2e42022-01-05 10:03:00.210root 11241100x80000000000000006960118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b746be88b954ba342022-01-05 10:03:00.210root 11241100x80000000000000006960119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84106406401bb3012022-01-05 10:03:00.210root 11241100x80000000000000006960120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60b7b62ad0976912022-01-05 10:03:00.210root 11241100x80000000000000006960121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46252e3c9219a4522022-01-05 10:03:00.210root 11241100x80000000000000006960122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785ec1952f46712d2022-01-05 10:03:00.210root 11241100x80000000000000006960123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cc70223588c8f62022-01-05 10:03:00.210root 11241100x80000000000000006960124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a4f26cf2cafb2a2022-01-05 10:03:00.211root 11241100x80000000000000006960125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9c1c1c350401722022-01-05 10:03:00.211root 11241100x80000000000000006960126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab61eceffe3212b2022-01-05 10:03:00.211root 11241100x80000000000000006960127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399cc1ef4ce9c9402022-01-05 10:03:00.211root 11241100x80000000000000006960128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af3490ea6714b582022-01-05 10:03:00.211root 11241100x80000000000000006960129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8ac27d5d45c6962022-01-05 10:03:00.211root 11241100x80000000000000006960130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d835bd66f253a32022-01-05 10:03:00.211root 11241100x80000000000000006960131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ead1f525003c902022-01-05 10:03:00.211root 11241100x80000000000000006960132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f5bbeb57da6d0e2022-01-05 10:03:00.211root 11241100x80000000000000006960133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9da6fa9612675e2022-01-05 10:03:00.211root 11241100x80000000000000006960134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778d2e19134a564c2022-01-05 10:03:00.211root 11241100x80000000000000006960135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcde5bc4b3d802502022-01-05 10:03:00.211root 11241100x80000000000000006960136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5883314ba1d6fdab2022-01-05 10:03:00.212root 11241100x80000000000000006960137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8e139c096386a12022-01-05 10:03:00.212root 11241100x80000000000000006960138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8137994e3f2e54d72022-01-05 10:03:00.212root 11241100x80000000000000006960139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dbc2043ce49c102022-01-05 10:03:00.212root 11241100x80000000000000006960140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74582c1e05a94a72022-01-05 10:03:00.212root 11241100x80000000000000006960141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09253079f55698612022-01-05 10:03:00.710root 11241100x80000000000000006960142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8349580ccb8a7c2022-01-05 10:03:00.710root 11241100x80000000000000006960143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10569740b5cdf702022-01-05 10:03:00.710root 11241100x80000000000000006960144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e985056ec51395fb2022-01-05 10:03:00.711root 11241100x80000000000000006960145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b489bc11f8ade572022-01-05 10:03:00.711root 11241100x80000000000000006960146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035600a85dc774842022-01-05 10:03:00.711root 11241100x80000000000000006960147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4062af92429521ed2022-01-05 10:03:00.711root 11241100x80000000000000006960148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54e9b7ac43074612022-01-05 10:03:00.711root 11241100x80000000000000006960149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eb1f8dd300952c2022-01-05 10:03:00.712root 11241100x80000000000000006960150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fe34aa3237a9692022-01-05 10:03:00.712root 11241100x80000000000000006960151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a73af2354e5e192022-01-05 10:03:00.712root 11241100x80000000000000006960152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e988dbad69c528172022-01-05 10:03:00.712root 11241100x80000000000000006960153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0ed8a0633665882022-01-05 10:03:00.712root 11241100x80000000000000006960154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cf37f77b84cb332022-01-05 10:03:00.712root 11241100x80000000000000006960155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c58a3e53bf5e6692022-01-05 10:03:00.712root 11241100x80000000000000006960156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e9248f3c5d158d2022-01-05 10:03:00.712root 11241100x80000000000000006960157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d30dd94cb875dc92022-01-05 10:03:00.712root 11241100x80000000000000006960158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb05ba214caeac9b2022-01-05 10:03:00.712root 11241100x80000000000000006960159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabcfd615001d4272022-01-05 10:03:00.713root 11241100x80000000000000006960160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683d8bcc42f199ef2022-01-05 10:03:00.713root 11241100x80000000000000006960161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd43d6ab3932f3892022-01-05 10:03:00.713root 11241100x80000000000000006960162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e315f1dc9a70ae2022-01-05 10:03:00.713root 11241100x80000000000000006960163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1ca036a27250a62022-01-05 10:03:00.713root 11241100x80000000000000006960164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb53c3ac0704c712022-01-05 10:03:00.713root 11241100x80000000000000006960165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e69896ad3910c52022-01-05 10:03:00.713root 11241100x80000000000000006960166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:00.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199592bbb915cb422022-01-05 10:03:00.714root 354300x80000000000000006960167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.208{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41722-false10.0.1.12-8000- 11241100x80000000000000006960168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79cf453d00db7652022-01-05 10:03:01.209root 11241100x80000000000000006960169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223a0c0e6693cb832022-01-05 10:03:01.209root 11241100x80000000000000006960170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b66d7e343ee14742022-01-05 10:03:01.209root 11241100x80000000000000006960171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f5c8014e32233b2022-01-05 10:03:01.209root 11241100x80000000000000006960172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a1fde9aad188562022-01-05 10:03:01.209root 11241100x80000000000000006960173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9aa0ed0c55df5e12022-01-05 10:03:01.209root 11241100x80000000000000006960174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9b7a7091d527582022-01-05 10:03:01.209root 11241100x80000000000000006960175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ff43c3527696af2022-01-05 10:03:01.209root 11241100x80000000000000006960176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56309d38affe3e82022-01-05 10:03:01.209root 11241100x80000000000000006960177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352bac7581340da92022-01-05 10:03:01.209root 11241100x80000000000000006960178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb42d5315eaa21342022-01-05 10:03:01.209root 11241100x80000000000000006960179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac11322460494b932022-01-05 10:03:01.209root 11241100x80000000000000006960180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5d9854141a3a0f2022-01-05 10:03:01.210root 11241100x80000000000000006960181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a898303445005aa52022-01-05 10:03:01.210root 11241100x80000000000000006960182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f0111eb963142e2022-01-05 10:03:01.210root 11241100x80000000000000006960183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a779751fccaba22022-01-05 10:03:01.210root 11241100x80000000000000006960184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3805fff8822d6b32022-01-05 10:03:01.210root 11241100x80000000000000006960185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28732d1a1dd988182022-01-05 10:03:01.210root 11241100x80000000000000006960186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aec24f27c7b450e2022-01-05 10:03:01.210root 11241100x80000000000000006960187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63457f895b43b8d12022-01-05 10:03:01.210root 11241100x80000000000000006960188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaaef520c5bd20a2022-01-05 10:03:01.210root 11241100x80000000000000006960189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef75a2a1494009f2022-01-05 10:03:01.210root 11241100x80000000000000006960190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d2b785a37a2bcb2022-01-05 10:03:01.210root 11241100x80000000000000006960191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1434a174a3ccdd712022-01-05 10:03:01.210root 11241100x80000000000000006960192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a53f55660464f502022-01-05 10:03:01.210root 11241100x80000000000000006960193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df34d16667bfb2272022-01-05 10:03:01.210root 11241100x80000000000000006960194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93693dd624c793c32022-01-05 10:03:01.210root 11241100x80000000000000006960195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378f269bc06d0b7b2022-01-05 10:03:01.211root 11241100x80000000000000006960196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757bdaf1f8920dff2022-01-05 10:03:01.211root 11241100x80000000000000006960197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a873ce3ee1f8a32022-01-05 10:03:01.211root 11241100x80000000000000006960198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21632a0d500f08d52022-01-05 10:03:01.211root 11241100x80000000000000006960199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729668245cf68e372022-01-05 10:03:01.211root 11241100x80000000000000006960200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504ef84d1fe697332022-01-05 10:03:01.211root 11241100x80000000000000006960201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebae02b854c9c1102022-01-05 10:03:01.211root 11241100x80000000000000006960202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66088a374f877292022-01-05 10:03:01.211root 11241100x80000000000000006960203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088a234db7349f442022-01-05 10:03:01.211root 11241100x80000000000000006960204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32268554aea6cec2022-01-05 10:03:01.211root 11241100x80000000000000006960205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bc27171169438e2022-01-05 10:03:01.211root 11241100x80000000000000006960206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138ee2c321e28a3c2022-01-05 10:03:01.211root 11241100x80000000000000006960207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3184c03f84498d922022-01-05 10:03:01.460root 11241100x80000000000000006960208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55652acaf8f058d2022-01-05 10:03:01.460root 11241100x80000000000000006960209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26284365d7c38e92022-01-05 10:03:01.460root 11241100x80000000000000006960210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6d501e42527ba42022-01-05 10:03:01.460root 11241100x80000000000000006960211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad27b1956ecc01c2022-01-05 10:03:01.460root 11241100x80000000000000006960212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c480025665158142022-01-05 10:03:01.460root 11241100x80000000000000006960213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6d173d26537c332022-01-05 10:03:01.461root 11241100x80000000000000006960214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fb4a5456391d972022-01-05 10:03:01.461root 11241100x80000000000000006960215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df835e7848628d012022-01-05 10:03:01.461root 11241100x80000000000000006960216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438db5e60700f7612022-01-05 10:03:01.461root 11241100x80000000000000006960217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b623f79c716fe0162022-01-05 10:03:01.461root 11241100x80000000000000006960218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb1ebbfdb0ffa462022-01-05 10:03:01.461root 11241100x80000000000000006960219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f8d4191878ce6e2022-01-05 10:03:01.461root 11241100x80000000000000006960220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1514a9623bf794ca2022-01-05 10:03:01.461root 11241100x80000000000000006960221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bcc70c3c4cf36b2022-01-05 10:03:01.462root 11241100x80000000000000006960222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107e8e7c2ebbe4542022-01-05 10:03:01.462root 11241100x80000000000000006960223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172cd09db55089ca2022-01-05 10:03:01.463root 11241100x80000000000000006960224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65662c64b999843c2022-01-05 10:03:01.465root 11241100x80000000000000006960225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df56d77dba838ce2022-01-05 10:03:01.465root 11241100x80000000000000006960226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccee5dea85e9ab02022-01-05 10:03:01.465root 11241100x80000000000000006960227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd61e93ee7e386d2022-01-05 10:03:01.466root 11241100x80000000000000006960228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62eed5c999adb632022-01-05 10:03:01.466root 11241100x80000000000000006960229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de0db1203c332162022-01-05 10:03:01.466root 11241100x80000000000000006960230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d9458ae89d0c5e2022-01-05 10:03:01.466root 11241100x80000000000000006960231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceaa064a3d4a5072022-01-05 10:03:01.467root 11241100x80000000000000006960232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6471e70fcf48545d2022-01-05 10:03:01.467root 11241100x80000000000000006960233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c1e8500c1e4b2b2022-01-05 10:03:01.467root 11241100x80000000000000006960234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc70864d7f4a3112022-01-05 10:03:01.960root 11241100x80000000000000006960235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96eba0fc89d7bd52022-01-05 10:03:01.960root 11241100x80000000000000006960236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d2cdc7cad39c932022-01-05 10:03:01.960root 11241100x80000000000000006960237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f08ea4c6e41ca62022-01-05 10:03:01.960root 11241100x80000000000000006960238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacc773f1ccbb0862022-01-05 10:03:01.961root 11241100x80000000000000006960239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61ca66084de70d02022-01-05 10:03:01.961root 11241100x80000000000000006960240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf37e8971ca1186a2022-01-05 10:03:01.961root 11241100x80000000000000006960241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ed859a54f030d12022-01-05 10:03:01.961root 11241100x80000000000000006960242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28197b1e4cafedf2022-01-05 10:03:01.961root 11241100x80000000000000006960243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a19ee958119cf62022-01-05 10:03:01.961root 11241100x80000000000000006960244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0506bd91626993232022-01-05 10:03:01.961root 11241100x80000000000000006960245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19ffa21be1d61192022-01-05 10:03:01.961root 11241100x80000000000000006960246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be729b417aba2742022-01-05 10:03:01.961root 11241100x80000000000000006960247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fc47d54efb78062022-01-05 10:03:01.962root 11241100x80000000000000006960248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0cc17efa4ef7892022-01-05 10:03:01.962root 11241100x80000000000000006960249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e2e1449501e33d2022-01-05 10:03:01.962root 11241100x80000000000000006960250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d3b01cbe0e1bff2022-01-05 10:03:01.962root 11241100x80000000000000006960251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173bb043441fdc6e2022-01-05 10:03:01.962root 11241100x80000000000000006960252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b825959e3c3f40dd2022-01-05 10:03:01.962root 11241100x80000000000000006960253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a122cbe249ec9a2022-01-05 10:03:01.962root 11241100x80000000000000006960254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2937c6aae07532af2022-01-05 10:03:01.962root 11241100x80000000000000006960255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c727402df0de362022-01-05 10:03:01.963root 11241100x80000000000000006960256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacbdf117f5717a82022-01-05 10:03:01.963root 11241100x80000000000000006960257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608b0a8e25b644572022-01-05 10:03:01.963root 11241100x80000000000000006960258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6969445342f90e852022-01-05 10:03:01.963root 11241100x80000000000000006960259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14e665821cbb0b82022-01-05 10:03:01.963root 11241100x80000000000000006960260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:01.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771ec29585f2227c2022-01-05 10:03:01.963root 23542300x80000000000000006960261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.223{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006960262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d40adfbec04ed3b2022-01-05 10:03:02.224root 11241100x80000000000000006960263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f5540e3f15c82b2022-01-05 10:03:02.224root 11241100x80000000000000006960264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c1a5bf742646862022-01-05 10:03:02.224root 11241100x80000000000000006960265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb59394346c611f12022-01-05 10:03:02.224root 11241100x80000000000000006960266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6115c33b556bc87d2022-01-05 10:03:02.225root 11241100x80000000000000006960267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4089eb5d3643f4862022-01-05 10:03:02.225root 11241100x80000000000000006960268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff08931f69daa582022-01-05 10:03:02.225root 11241100x80000000000000006960269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e94b5aed9d808f2022-01-05 10:03:02.225root 11241100x80000000000000006960270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53504f7e21ef9ddf2022-01-05 10:03:02.225root 11241100x80000000000000006960271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b530e9fcd76349762022-01-05 10:03:02.226root 11241100x80000000000000006960272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8180184be633471e2022-01-05 10:03:02.226root 11241100x80000000000000006960273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c4886ed7d373f72022-01-05 10:03:02.226root 11241100x80000000000000006960274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793b00900ee4741d2022-01-05 10:03:02.226root 11241100x80000000000000006960275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dac99922fa90882022-01-05 10:03:02.226root 11241100x80000000000000006960276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d12f0d6d45e04862022-01-05 10:03:02.226root 11241100x80000000000000006960277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14e94d358bab0442022-01-05 10:03:02.226root 11241100x80000000000000006960278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa88339b2f126c022022-01-05 10:03:02.226root 11241100x80000000000000006960279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ba75a3f248e8cf2022-01-05 10:03:02.226root 11241100x80000000000000006960280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15d5594891a43b52022-01-05 10:03:02.226root 11241100x80000000000000006960281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae100275e53f1a042022-01-05 10:03:02.226root 11241100x80000000000000006960282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08721ca7f3e645192022-01-05 10:03:02.227root 11241100x80000000000000006960283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6db5b285e2df512022-01-05 10:03:02.227root 11241100x80000000000000006960284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71cf4cf5f8da6462022-01-05 10:03:02.227root 11241100x80000000000000006960285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d38183a76d75602022-01-05 10:03:02.227root 11241100x80000000000000006960286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7c99a9a3e300422022-01-05 10:03:02.227root 11241100x80000000000000006960287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e9f0e5e870c3af2022-01-05 10:03:02.227root 11241100x80000000000000006960288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4308bfbf21d80caa2022-01-05 10:03:02.227root 11241100x80000000000000006960289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788671b48b2db19a2022-01-05 10:03:02.227root 11241100x80000000000000006960290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca351d8ffffba8b2022-01-05 10:03:02.227root 11241100x80000000000000006960291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab89441730f17f72022-01-05 10:03:02.227root 11241100x80000000000000006960292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86929ec4e3c3b952022-01-05 10:03:02.227root 11241100x80000000000000006960293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b5a1d4c7dfca172022-01-05 10:03:02.227root 11241100x80000000000000006960294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e7527674a1b8e62022-01-05 10:03:02.227root 11241100x80000000000000006960295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdda1e084f3b2b62022-01-05 10:03:02.710root 11241100x80000000000000006960296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e395ed9911436d2a2022-01-05 10:03:02.710root 11241100x80000000000000006960297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ad34cd238ef2192022-01-05 10:03:02.711root 11241100x80000000000000006960298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dca4b0505ba7dcf2022-01-05 10:03:02.711root 11241100x80000000000000006960299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3242fbaee494432022-01-05 10:03:02.711root 11241100x80000000000000006960300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7199544c55a275942022-01-05 10:03:02.711root 11241100x80000000000000006960301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ca854a81c21e0b2022-01-05 10:03:02.711root 11241100x80000000000000006960302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643817e3871546912022-01-05 10:03:02.711root 11241100x80000000000000006960303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9828b5fbfab4b42022-01-05 10:03:02.711root 11241100x80000000000000006960304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5f6f4cfe5309792022-01-05 10:03:02.711root 11241100x80000000000000006960305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65dc8d889e90d032022-01-05 10:03:02.711root 11241100x80000000000000006960306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db2c38f000e83d52022-01-05 10:03:02.712root 11241100x80000000000000006960307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06df7b9ee2fe10b02022-01-05 10:03:02.712root 11241100x80000000000000006960308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577415e5c433f0802022-01-05 10:03:02.712root 11241100x80000000000000006960309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1854ccc817e33b242022-01-05 10:03:02.712root 11241100x80000000000000006960310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8357ec34730b4fd2022-01-05 10:03:02.712root 11241100x80000000000000006960311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbddcc96f1e0f1d2022-01-05 10:03:02.712root 11241100x80000000000000006960312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d21e8d3f82ba302022-01-05 10:03:02.712root 11241100x80000000000000006960313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e227c09751387b402022-01-05 10:03:02.712root 11241100x80000000000000006960314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5252a876f11d51dd2022-01-05 10:03:02.713root 11241100x80000000000000006960315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f82e89569335222022-01-05 10:03:02.713root 11241100x80000000000000006960316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8b1864c3b9f2212022-01-05 10:03:02.713root 11241100x80000000000000006960317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88788dd85b770a482022-01-05 10:03:02.713root 11241100x80000000000000006960318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ede2e6f59d5d9cd2022-01-05 10:03:02.713root 11241100x80000000000000006960319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a359e355a4bf3b2022-01-05 10:03:02.713root 11241100x80000000000000006960320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7165d8c1bf2fc162022-01-05 10:03:02.713root 11241100x80000000000000006960321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c195075450bd178f2022-01-05 10:03:02.713root 11241100x80000000000000006960322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab7a392df2dcbe72022-01-05 10:03:02.713root 11241100x80000000000000006960323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d716d9d907c2ba2022-01-05 10:03:03.209root 11241100x80000000000000006960324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cd0b06b6060a622022-01-05 10:03:03.209root 11241100x80000000000000006960325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c569beb97a70ac522022-01-05 10:03:03.210root 11241100x80000000000000006960326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd7bb6cecba04272022-01-05 10:03:03.210root 11241100x80000000000000006960327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586a1e82c1f25da42022-01-05 10:03:03.210root 11241100x80000000000000006960328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b779318f3bad452022-01-05 10:03:03.210root 11241100x80000000000000006960329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950cf4d9f0eeac802022-01-05 10:03:03.210root 11241100x80000000000000006960330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec93de500a0026c2022-01-05 10:03:03.211root 11241100x80000000000000006960331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7314b2113c39117e2022-01-05 10:03:03.211root 11241100x80000000000000006960332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdcc1a9ea40bb922022-01-05 10:03:03.211root 11241100x80000000000000006960333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6852b893ded4412022-01-05 10:03:03.211root 11241100x80000000000000006960334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af8ad457d89bf3d2022-01-05 10:03:03.211root 11241100x80000000000000006960335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e261b2cf0c33ad92022-01-05 10:03:03.211root 11241100x80000000000000006960336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2933cb800a6a67c82022-01-05 10:03:03.211root 11241100x80000000000000006960337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cd8489e5c82c082022-01-05 10:03:03.211root 11241100x80000000000000006960338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e7abd5e8ada7e72022-01-05 10:03:03.211root 11241100x80000000000000006960339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4089a530578728882022-01-05 10:03:03.212root 11241100x80000000000000006960340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a746b16e366b9f2022-01-05 10:03:03.212root 11241100x80000000000000006960341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c164054a1500702022-01-05 10:03:03.212root 11241100x80000000000000006960342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9d525d433b46a92022-01-05 10:03:03.212root 11241100x80000000000000006960343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b82b239bd0bc762022-01-05 10:03:03.212root 11241100x80000000000000006960344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ddebec7b75cb552022-01-05 10:03:03.212root 11241100x80000000000000006960345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af86e8a4aa5ca3b32022-01-05 10:03:03.212root 11241100x80000000000000006960346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47652a9899c139b82022-01-05 10:03:03.212root 11241100x80000000000000006960347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa16f3f80fb1a2f22022-01-05 10:03:03.212root 11241100x80000000000000006960348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074c6c638043a58c2022-01-05 10:03:03.212root 11241100x80000000000000006960349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16c8f147c97dd032022-01-05 10:03:03.212root 11241100x80000000000000006960350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04112d102ee3f042022-01-05 10:03:03.212root 11241100x80000000000000006960351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7832f8949d7c28be2022-01-05 10:03:03.212root 11241100x80000000000000006960352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28503598dd80bf092022-01-05 10:03:03.213root 11241100x80000000000000006960353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b197ce68d67fb682022-01-05 10:03:03.213root 11241100x80000000000000006960354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140e861482e2c3802022-01-05 10:03:03.213root 11241100x80000000000000006960355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25ea7542cdefd602022-01-05 10:03:03.711root 11241100x80000000000000006960356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1041cf8523df92bc2022-01-05 10:03:03.711root 11241100x80000000000000006960357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58d7b42b4324a692022-01-05 10:03:03.711root 11241100x80000000000000006960358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c7be2665a112b82022-01-05 10:03:03.711root 11241100x80000000000000006960359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f14dda789bed832022-01-05 10:03:03.711root 11241100x80000000000000006960360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e0bf5166f4fd182022-01-05 10:03:03.711root 11241100x80000000000000006960361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a560214ebfc402362022-01-05 10:03:03.712root 11241100x80000000000000006960362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af02b2175d4ee072022-01-05 10:03:03.712root 11241100x80000000000000006960363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6531f1e87df5311e2022-01-05 10:03:03.712root 11241100x80000000000000006960364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17d0584ffddc7bc2022-01-05 10:03:03.712root 11241100x80000000000000006960365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3eb048c481f6ac2022-01-05 10:03:03.712root 11241100x80000000000000006960366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d068e9071b75a54a2022-01-05 10:03:03.712root 11241100x80000000000000006960367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c40297985fbdbab2022-01-05 10:03:03.712root 11241100x80000000000000006960368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3addedcffabedd722022-01-05 10:03:03.712root 11241100x80000000000000006960369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ae3ae8b45a52d32022-01-05 10:03:03.712root 11241100x80000000000000006960370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2703d053ae1f60bc2022-01-05 10:03:03.712root 11241100x80000000000000006960371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea8c5614c807bcb2022-01-05 10:03:03.712root 11241100x80000000000000006960372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e879eb2d2d1497c2022-01-05 10:03:03.712root 11241100x80000000000000006960373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e765c247f763c92022-01-05 10:03:03.712root 11241100x80000000000000006960374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2272dba35517cdf2022-01-05 10:03:03.712root 11241100x80000000000000006960375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf716b4623038f32022-01-05 10:03:03.713root 11241100x80000000000000006960376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac45a74b223bebb12022-01-05 10:03:03.713root 11241100x80000000000000006960377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6217ccc5565405422022-01-05 10:03:03.713root 11241100x80000000000000006960378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42f00b7a8c0e4342022-01-05 10:03:03.713root 11241100x80000000000000006960379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32786c9d340ae9472022-01-05 10:03:03.713root 11241100x80000000000000006960380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a992cf027d291ae2022-01-05 10:03:03.713root 11241100x80000000000000006960381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fb4802615b18762022-01-05 10:03:03.713root 11241100x80000000000000006960382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:03.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0ea119a23256762022-01-05 10:03:03.713root 11241100x80000000000000006960383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ceacb2418786a612022-01-05 10:03:04.210root 11241100x80000000000000006960384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce59a6afabf288cd2022-01-05 10:03:04.210root 11241100x80000000000000006960385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5e06eab854ac942022-01-05 10:03:04.210root 11241100x80000000000000006960386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a04ff80cdb182a82022-01-05 10:03:04.210root 11241100x80000000000000006960387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550f666b0b9114c22022-01-05 10:03:04.210root 11241100x80000000000000006960388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0089279b7e5f7f2022-01-05 10:03:04.210root 11241100x80000000000000006960389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dc7c17ccd0f8ea2022-01-05 10:03:04.210root 11241100x80000000000000006960390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8aedc8e2f7bcfc2022-01-05 10:03:04.210root 11241100x80000000000000006960391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab34b3c0bb925f52022-01-05 10:03:04.211root 11241100x80000000000000006960392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01632f2c0b5a83f82022-01-05 10:03:04.211root 11241100x80000000000000006960393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3058e4a5bd43113f2022-01-05 10:03:04.211root 11241100x80000000000000006960394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9c97b2376e6a902022-01-05 10:03:04.211root 11241100x80000000000000006960395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e205c97a525c6072022-01-05 10:03:04.211root 11241100x80000000000000006960396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff60c064bf94cd7d2022-01-05 10:03:04.211root 11241100x80000000000000006960397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bdbd42229840ba2022-01-05 10:03:04.211root 11241100x80000000000000006960398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a7a42958e357d22022-01-05 10:03:04.211root 11241100x80000000000000006960399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba308f13beeabb52022-01-05 10:03:04.211root 11241100x80000000000000006960400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395c59cb5bb5fef32022-01-05 10:03:04.211root 11241100x80000000000000006960401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9c43da1f075f252022-01-05 10:03:04.211root 11241100x80000000000000006960402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74569fea055e5572022-01-05 10:03:04.211root 11241100x80000000000000006960403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4806be47b0dadb6a2022-01-05 10:03:04.212root 11241100x80000000000000006960404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce84da8ead56bd0f2022-01-05 10:03:04.212root 11241100x80000000000000006960405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7166e8db5c2c307d2022-01-05 10:03:04.212root 11241100x80000000000000006960406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c650f50ffd7021582022-01-05 10:03:04.212root 11241100x80000000000000006960407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc3f71123ca7eed2022-01-05 10:03:04.212root 11241100x80000000000000006960408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5624eafb9682c62022-01-05 10:03:04.212root 11241100x80000000000000006960409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126c07eb938267072022-01-05 10:03:04.212root 11241100x80000000000000006960410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384f1a0492c8af7f2022-01-05 10:03:04.212root 11241100x80000000000000006960411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9543368e10d472e42022-01-05 10:03:04.710root 11241100x80000000000000006960412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4090b78d535abd92022-01-05 10:03:04.710root 11241100x80000000000000006960413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72d8fcd97704f0f2022-01-05 10:03:04.710root 11241100x80000000000000006960414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a8c849d47f3f932022-01-05 10:03:04.710root 11241100x80000000000000006960415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2763ae32f20ce1ca2022-01-05 10:03:04.710root 11241100x80000000000000006960416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30955249df6dc5f02022-01-05 10:03:04.710root 11241100x80000000000000006960417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ff46fc6a4a39f12022-01-05 10:03:04.710root 11241100x80000000000000006960418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a2dedddb2775c92022-01-05 10:03:04.710root 11241100x80000000000000006960419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ead96591dd1d352022-01-05 10:03:04.711root 11241100x80000000000000006960420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc05071e7437b7a2022-01-05 10:03:04.711root 11241100x80000000000000006960421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8029893731b247182022-01-05 10:03:04.711root 11241100x80000000000000006960422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c5e4d94e3ad86c2022-01-05 10:03:04.711root 11241100x80000000000000006960423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7596188c05a0c8452022-01-05 10:03:04.711root 11241100x80000000000000006960424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e66c5539f0f4bb2022-01-05 10:03:04.711root 11241100x80000000000000006960425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815654ea5c85f0b62022-01-05 10:03:04.711root 11241100x80000000000000006960426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6806a5f3440dd2b82022-01-05 10:03:04.711root 11241100x80000000000000006960427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba5d848538659762022-01-05 10:03:04.711root 11241100x80000000000000006960428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e326d04ee4cecb812022-01-05 10:03:04.711root 11241100x80000000000000006960429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68e7316fa6824e52022-01-05 10:03:04.711root 11241100x80000000000000006960430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898e4abec05d72632022-01-05 10:03:04.711root 11241100x80000000000000006960431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956a365053e742b92022-01-05 10:03:04.711root 11241100x80000000000000006960432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24bee6aa8a4e19b2022-01-05 10:03:04.711root 11241100x80000000000000006960433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e533d1c634d2662022-01-05 10:03:04.711root 11241100x80000000000000006960434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dd3318555f45af2022-01-05 10:03:04.712root 11241100x80000000000000006960435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17bc860d701eafd2022-01-05 10:03:04.712root 11241100x80000000000000006960436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6621029ddb70362022-01-05 10:03:04.712root 11241100x80000000000000006960437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2e0c2826c081f32022-01-05 10:03:04.712root 11241100x80000000000000006960438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dac59b113c55442022-01-05 10:03:04.712root 11241100x80000000000000006960439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3517b0229f6b1d2022-01-05 10:03:05.210root 11241100x80000000000000006960440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03b425a86629f292022-01-05 10:03:05.210root 11241100x80000000000000006960441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a227e0be70e28c212022-01-05 10:03:05.210root 11241100x80000000000000006960442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbf3aa5575e99ec2022-01-05 10:03:05.210root 11241100x80000000000000006960443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b46cd4c0d8869ad2022-01-05 10:03:05.211root 11241100x80000000000000006960444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd6ee7131d527ff2022-01-05 10:03:05.211root 11241100x80000000000000006960445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5ae2b2859263382022-01-05 10:03:05.211root 11241100x80000000000000006960446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70754d4b3db0f9e2022-01-05 10:03:05.211root 11241100x80000000000000006960447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae73ad5926406db42022-01-05 10:03:05.211root 11241100x80000000000000006960448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f258f9ba994c802022-01-05 10:03:05.211root 11241100x80000000000000006960449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4944bf1d24851a2022-01-05 10:03:05.211root 11241100x80000000000000006960450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e74dde9980156b02022-01-05 10:03:05.211root 11241100x80000000000000006960451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1e5f7d06afab912022-01-05 10:03:05.211root 11241100x80000000000000006960452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c1b912c432cdf72022-01-05 10:03:05.211root 11241100x80000000000000006960453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98104e6ae26892602022-01-05 10:03:05.211root 11241100x80000000000000006960454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4903d361f350b2f52022-01-05 10:03:05.211root 11241100x80000000000000006960455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e48f74412437edd2022-01-05 10:03:05.211root 11241100x80000000000000006960456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ea003a277b616a2022-01-05 10:03:05.211root 11241100x80000000000000006960457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56767ee2f94ab31b2022-01-05 10:03:05.211root 11241100x80000000000000006960458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b02b87d2be511672022-01-05 10:03:05.212root 11241100x80000000000000006960459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d1af3f783ced662022-01-05 10:03:05.212root 11241100x80000000000000006960460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971a447bccbcf8dd2022-01-05 10:03:05.212root 11241100x80000000000000006960461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6246e0a08d4282d12022-01-05 10:03:05.212root 11241100x80000000000000006960462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd50a6ba681261d2022-01-05 10:03:05.212root 11241100x80000000000000006960463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d1921b9bba2eb92022-01-05 10:03:05.212root 11241100x80000000000000006960464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafaeed91d80ab402022-01-05 10:03:05.212root 11241100x80000000000000006960465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484a70a7ed92a6cf2022-01-05 10:03:05.212root 11241100x80000000000000006960466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456732cbce45e4292022-01-05 10:03:05.212root 11241100x80000000000000006960467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c103a92f04985ad2022-01-05 10:03:05.710root 11241100x80000000000000006960468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8433279757283432022-01-05 10:03:05.710root 11241100x80000000000000006960469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e9bf010ef671362022-01-05 10:03:05.710root 11241100x80000000000000006960470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45461862f0f1c892022-01-05 10:03:05.710root 11241100x80000000000000006960471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb04e42f6ad799e62022-01-05 10:03:05.711root 11241100x80000000000000006960472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fface2299f51f842022-01-05 10:03:05.711root 11241100x80000000000000006960473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdc5a79e73778242022-01-05 10:03:05.711root 11241100x80000000000000006960474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de172b3491b788f2022-01-05 10:03:05.711root 11241100x80000000000000006960475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b264618c21923ddb2022-01-05 10:03:05.711root 11241100x80000000000000006960476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1ade81eb67d7612022-01-05 10:03:05.711root 11241100x80000000000000006960477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63218e4434feb772022-01-05 10:03:05.711root 11241100x80000000000000006960478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5e1b1a6223f3e62022-01-05 10:03:05.711root 11241100x80000000000000006960479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7554adb73f87752022-01-05 10:03:05.711root 11241100x80000000000000006960480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0190a1f254ecee2022-01-05 10:03:05.711root 11241100x80000000000000006960481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74662956eb93b8b2022-01-05 10:03:05.711root 11241100x80000000000000006960482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c330192c9f9db82022-01-05 10:03:05.711root 11241100x80000000000000006960483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48922a462bd88592022-01-05 10:03:05.711root 11241100x80000000000000006960484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a127ad8611c9dc872022-01-05 10:03:05.711root 11241100x80000000000000006960485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728be4ac363aefa82022-01-05 10:03:05.711root 11241100x80000000000000006960486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82648cd0e8d1ffbd2022-01-05 10:03:05.711root 11241100x80000000000000006960487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a01a8a43c16aa3e2022-01-05 10:03:05.711root 11241100x80000000000000006960488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e7d3e9abdcc6fc2022-01-05 10:03:05.712root 11241100x80000000000000006960489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0677b26f5ab6e4a32022-01-05 10:03:05.712root 11241100x80000000000000006960490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fc80a3813d46c32022-01-05 10:03:05.712root 11241100x80000000000000006960491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28433483e5fe619d2022-01-05 10:03:05.712root 11241100x80000000000000006960492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50bdac4859ff19e2022-01-05 10:03:05.712root 11241100x80000000000000006960493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0642f5e9c38747f2022-01-05 10:03:05.712root 11241100x80000000000000006960494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:05.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c96223020a959f2022-01-05 10:03:05.712root 11241100x80000000000000006960495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d41ebc5750700d32022-01-05 10:03:06.210root 11241100x80000000000000006960496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba0090a433939902022-01-05 10:03:06.210root 11241100x80000000000000006960497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6a9069237978d82022-01-05 10:03:06.211root 11241100x80000000000000006960498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8263f122a5512a5a2022-01-05 10:03:06.211root 11241100x80000000000000006960499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05a5601733e26752022-01-05 10:03:06.211root 11241100x80000000000000006960500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d713a51a284880f2022-01-05 10:03:06.211root 11241100x80000000000000006960501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3840042706e7da192022-01-05 10:03:06.211root 11241100x80000000000000006960502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111c19f0652cd35f2022-01-05 10:03:06.211root 11241100x80000000000000006960503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bf5ea929cfdfac2022-01-05 10:03:06.211root 11241100x80000000000000006960504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf32d9e23e975e12022-01-05 10:03:06.211root 11241100x80000000000000006960505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5044e0cebfe81a372022-01-05 10:03:06.211root 11241100x80000000000000006960506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856fa8baeef5762c2022-01-05 10:03:06.211root 11241100x80000000000000006960507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092de4f65c99e0432022-01-05 10:03:06.211root 11241100x80000000000000006960508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d351c167148ab9902022-01-05 10:03:06.211root 11241100x80000000000000006960509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83de43e6c3eb0a92022-01-05 10:03:06.211root 11241100x80000000000000006960510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc8ac737ba455c02022-01-05 10:03:06.212root 11241100x80000000000000006960511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f281cecdbf85162022-01-05 10:03:06.212root 11241100x80000000000000006960512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470f6586931774152022-01-05 10:03:06.212root 11241100x80000000000000006960513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9fb6f1a32e8c012022-01-05 10:03:06.212root 11241100x80000000000000006960514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529c6ad90d3e33d22022-01-05 10:03:06.212root 11241100x80000000000000006960515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1411cc75b57fdf492022-01-05 10:03:06.212root 11241100x80000000000000006960516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5879dacb89929172022-01-05 10:03:06.212root 11241100x80000000000000006960517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ced4d7896503ac2022-01-05 10:03:06.212root 11241100x80000000000000006960518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52be6342b3b8c08a2022-01-05 10:03:06.212root 11241100x80000000000000006960519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795ca3cf9920ed782022-01-05 10:03:06.212root 11241100x80000000000000006960520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02567e662eb1eb152022-01-05 10:03:06.212root 11241100x80000000000000006960521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5646de38e66621ad2022-01-05 10:03:06.212root 11241100x80000000000000006960522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30950e3a8f3a3cce2022-01-05 10:03:06.212root 11241100x80000000000000006960523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3e28e866c329b42022-01-05 10:03:06.710root 11241100x80000000000000006960524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1d12539c852c302022-01-05 10:03:06.710root 11241100x80000000000000006960525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c5565f74722f862022-01-05 10:03:06.710root 11241100x80000000000000006960526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75587f5309e097a02022-01-05 10:03:06.710root 11241100x80000000000000006960527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2baafb8a1e8bb0802022-01-05 10:03:06.710root 11241100x80000000000000006960528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed917bd9515c26f2022-01-05 10:03:06.710root 11241100x80000000000000006960529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c25a0377afd04802022-01-05 10:03:06.711root 11241100x80000000000000006960530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3a27cf9bedfcb12022-01-05 10:03:06.711root 11241100x80000000000000006960531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e1423db4696f662022-01-05 10:03:06.711root 11241100x80000000000000006960532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124e1ad34ecc82ca2022-01-05 10:03:06.711root 11241100x80000000000000006960533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde6e1bed8b730e32022-01-05 10:03:06.711root 11241100x80000000000000006960534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af43c2b8e7229d082022-01-05 10:03:06.711root 11241100x80000000000000006960535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ed9c7300efb3c12022-01-05 10:03:06.711root 11241100x80000000000000006960536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec812d1fc6086582022-01-05 10:03:06.711root 11241100x80000000000000006960537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4667430e954abbaf2022-01-05 10:03:06.711root 11241100x80000000000000006960538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590b9b82940752ad2022-01-05 10:03:06.711root 11241100x80000000000000006960539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fbf318b4f7566c2022-01-05 10:03:06.711root 11241100x80000000000000006960540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d430b8d7df9e1e8d2022-01-05 10:03:06.711root 11241100x80000000000000006960541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ebf386a63585302022-01-05 10:03:06.711root 11241100x80000000000000006960542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d6e1f951a9a46c2022-01-05 10:03:06.711root 11241100x80000000000000006960543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cbf786c52cff832022-01-05 10:03:06.711root 11241100x80000000000000006960544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058d8e291caf50752022-01-05 10:03:06.711root 11241100x80000000000000006960545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd87875d38f60a02022-01-05 10:03:06.711root 11241100x80000000000000006960546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4d055e221f88622022-01-05 10:03:06.712root 11241100x80000000000000006960547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab27ec10817335f52022-01-05 10:03:06.712root 11241100x80000000000000006960548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e762cdb5dabc022022-01-05 10:03:06.712root 11241100x80000000000000006960549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd36d1cfc9aa82c2022-01-05 10:03:06.712root 11241100x80000000000000006960550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:06.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654325dd9ea106ab2022-01-05 10:03:06.712root 354300x80000000000000006960551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.145{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41724-false10.0.1.12-8000- 11241100x80000000000000006960552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54610740f9e66092022-01-05 10:03:07.146root 11241100x80000000000000006960553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e66104f69e342232022-01-05 10:03:07.146root 11241100x80000000000000006960554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9b01d19427fae02022-01-05 10:03:07.146root 11241100x80000000000000006960555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d17ec1096ea53bd2022-01-05 10:03:07.146root 11241100x80000000000000006960556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ecaca9ee46e9742022-01-05 10:03:07.146root 11241100x80000000000000006960557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4268b894673155f72022-01-05 10:03:07.146root 11241100x80000000000000006960558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42b4d2438ba5f9f2022-01-05 10:03:07.146root 11241100x80000000000000006960559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b57ce843057e4e2022-01-05 10:03:07.146root 11241100x80000000000000006960560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99aeaa6bb1c358a62022-01-05 10:03:07.147root 11241100x80000000000000006960561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c820b7eb7fa5d002022-01-05 10:03:07.147root 11241100x80000000000000006960562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8675e14b07735a772022-01-05 10:03:07.147root 11241100x80000000000000006960563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd9524306a8f6f82022-01-05 10:03:07.147root 11241100x80000000000000006960564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fa35ed9573e2632022-01-05 10:03:07.147root 11241100x80000000000000006960565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adac1f132978bb592022-01-05 10:03:07.147root 11241100x80000000000000006960566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38a8a91cdec20742022-01-05 10:03:07.147root 11241100x80000000000000006960567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d821e81bf1c12652022-01-05 10:03:07.147root 11241100x80000000000000006960568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2ffb8dfc0173fe2022-01-05 10:03:07.147root 11241100x80000000000000006960569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f56df166139f062022-01-05 10:03:07.147root 11241100x80000000000000006960570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f093d818f36ad52022-01-05 10:03:07.147root 11241100x80000000000000006960571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f56732ec359d0a2022-01-05 10:03:07.147root 11241100x80000000000000006960572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6382fbc3c538cd6e2022-01-05 10:03:07.147root 11241100x80000000000000006960573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb14875f0dfc26b2022-01-05 10:03:07.147root 11241100x80000000000000006960574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f3b76c01ec947a2022-01-05 10:03:07.147root 11241100x80000000000000006960575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4e5b97ad4f36792022-01-05 10:03:07.147root 11241100x80000000000000006960576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.148{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f55b6a181244e4a2022-01-05 10:03:07.148root 11241100x80000000000000006960577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.148{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3b602d43c36e812022-01-05 10:03:07.148root 11241100x80000000000000006960578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.148{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e318f81fbde98b2f2022-01-05 10:03:07.148root 11241100x80000000000000006960579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.148{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c252abf203d4a8472022-01-05 10:03:07.148root 11241100x80000000000000006960580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.148{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acef5595ecc8d0f2022-01-05 10:03:07.148root 11241100x80000000000000006960581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cde9c43d5a46ea2022-01-05 10:03:07.460root 11241100x80000000000000006960582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76d359ada1e92d92022-01-05 10:03:07.460root 11241100x80000000000000006960583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd95ff508e7d65c2022-01-05 10:03:07.460root 11241100x80000000000000006960584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f014cd1f5525e1022022-01-05 10:03:07.460root 11241100x80000000000000006960585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b5b6599284559a2022-01-05 10:03:07.460root 11241100x80000000000000006960586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96b34402ce39c662022-01-05 10:03:07.460root 11241100x80000000000000006960587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ec312917bd86802022-01-05 10:03:07.460root 11241100x80000000000000006960588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7ebb1660ce0cd32022-01-05 10:03:07.461root 11241100x80000000000000006960589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa53b10ad219f5872022-01-05 10:03:07.461root 11241100x80000000000000006960590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df422fc9ca07a41e2022-01-05 10:03:07.461root 11241100x80000000000000006960591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcba070755b427a32022-01-05 10:03:07.461root 11241100x80000000000000006960592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b16610777fadc72022-01-05 10:03:07.461root 11241100x80000000000000006960593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423fb5360db578f62022-01-05 10:03:07.461root 11241100x80000000000000006960594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd5383ec270ca642022-01-05 10:03:07.461root 11241100x80000000000000006960595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0287e46329235d452022-01-05 10:03:07.461root 11241100x80000000000000006960596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afbd85c1613115e2022-01-05 10:03:07.461root 11241100x80000000000000006960597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfa00368de160442022-01-05 10:03:07.461root 11241100x80000000000000006960598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c659d5bf241137f12022-01-05 10:03:07.461root 11241100x80000000000000006960599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31b30bcaa8471c12022-01-05 10:03:07.461root 11241100x80000000000000006960600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b460d43cbc59a7d2022-01-05 10:03:07.461root 11241100x80000000000000006960601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c99959c95221742022-01-05 10:03:07.461root 11241100x80000000000000006960602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62e1c9f3027d2c82022-01-05 10:03:07.462root 11241100x80000000000000006960603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ef8f0a9af775af2022-01-05 10:03:07.462root 11241100x80000000000000006960604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7196aac623230962022-01-05 10:03:07.462root 11241100x80000000000000006960605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f8b1bd25032f672022-01-05 10:03:07.462root 11241100x80000000000000006960606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3a19f039163bfa2022-01-05 10:03:07.462root 11241100x80000000000000006960607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2e4d6c375fea302022-01-05 10:03:07.462root 11241100x80000000000000006960608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f55456ddfadf2122022-01-05 10:03:07.462root 11241100x80000000000000006960609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e5bfb70db534d22022-01-05 10:03:07.462root 11241100x80000000000000006960610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2faadc118c769e2022-01-05 10:03:07.960root 11241100x80000000000000006960611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0905e956a21784772022-01-05 10:03:07.960root 11241100x80000000000000006960612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf3951bcd1a52c52022-01-05 10:03:07.960root 11241100x80000000000000006960613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4611535007268e672022-01-05 10:03:07.960root 11241100x80000000000000006960614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e7147fd44349fd2022-01-05 10:03:07.960root 11241100x80000000000000006960615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c4bbc44b9f46b92022-01-05 10:03:07.960root 11241100x80000000000000006960616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7824ff1aae21cc2022-01-05 10:03:07.960root 11241100x80000000000000006960617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ad8f569c744d822022-01-05 10:03:07.961root 11241100x80000000000000006960618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0c7c7c080c81002022-01-05 10:03:07.961root 11241100x80000000000000006960619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aa20127d762bd92022-01-05 10:03:07.961root 11241100x80000000000000006960620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497b919c995f89642022-01-05 10:03:07.961root 11241100x80000000000000006960621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e252ae82981d27f2022-01-05 10:03:07.961root 11241100x80000000000000006960622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f744a0f36b294aa22022-01-05 10:03:07.962root 11241100x80000000000000006960623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a26c856c1e3e262022-01-05 10:03:07.962root 11241100x80000000000000006960624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6984f35a61120592022-01-05 10:03:07.962root 11241100x80000000000000006960625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a5ee285133f4a62022-01-05 10:03:07.962root 11241100x80000000000000006960626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa021fa042758a42022-01-05 10:03:07.962root 11241100x80000000000000006960627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3898934dedd84bc72022-01-05 10:03:07.962root 11241100x80000000000000006960628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ba770d5a0a2f4f2022-01-05 10:03:07.962root 11241100x80000000000000006960629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0deb2ba748901f302022-01-05 10:03:07.962root 11241100x80000000000000006960630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f003fa196a18da9b2022-01-05 10:03:07.962root 11241100x80000000000000006960631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc99937ec562b6f2022-01-05 10:03:07.962root 11241100x80000000000000006960632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1d7e39e8da7a5b2022-01-05 10:03:07.962root 11241100x80000000000000006960633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21edf2efd98652162022-01-05 10:03:07.962root 11241100x80000000000000006960634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d236e31f11bb3aa2022-01-05 10:03:07.963root 11241100x80000000000000006960635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27ad7c52bebfdc32022-01-05 10:03:07.963root 11241100x80000000000000006960636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b57ba4d1ad13c22022-01-05 10:03:07.963root 11241100x80000000000000006960637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff7340b5b73f2e52022-01-05 10:03:07.963root 11241100x80000000000000006960638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf625b551b7219cf2022-01-05 10:03:07.963root 11241100x80000000000000006960639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e054c03c58309ec02022-01-05 10:03:08.460root 11241100x80000000000000006960640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735bf19fc41dd3212022-01-05 10:03:08.460root 11241100x80000000000000006960641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5faf7063d460542022-01-05 10:03:08.460root 11241100x80000000000000006960642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a7f357c831039a2022-01-05 10:03:08.460root 11241100x80000000000000006960643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21e01fd7b9711f92022-01-05 10:03:08.460root 11241100x80000000000000006960644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49799fc670edd10f2022-01-05 10:03:08.461root 11241100x80000000000000006960645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b06114cbbb46f22022-01-05 10:03:08.461root 11241100x80000000000000006960646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8035e7bcb602e92022-01-05 10:03:08.461root 11241100x80000000000000006960647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0ce97772c93b352022-01-05 10:03:08.461root 11241100x80000000000000006960648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e5f4ad5bcf75e72022-01-05 10:03:08.461root 11241100x80000000000000006960649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d1aafe81206ec52022-01-05 10:03:08.461root 11241100x80000000000000006960650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cda0c6fb793cdd2022-01-05 10:03:08.462root 11241100x80000000000000006960651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51d8daa067ad3fd2022-01-05 10:03:08.462root 11241100x80000000000000006960652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2650df353c6dfb322022-01-05 10:03:08.462root 11241100x80000000000000006960653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4612174bf9b753d72022-01-05 10:03:08.462root 11241100x80000000000000006960654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6910d5fdc3608b12022-01-05 10:03:08.462root 11241100x80000000000000006960655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2962fa373da669c2022-01-05 10:03:08.462root 11241100x80000000000000006960656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3dc14979fdcad82022-01-05 10:03:08.462root 11241100x80000000000000006960657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e9034b170a82c92022-01-05 10:03:08.462root 11241100x80000000000000006960658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e320ca5887778f62022-01-05 10:03:08.463root 11241100x80000000000000006960659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13104f63efa86a12022-01-05 10:03:08.463root 11241100x80000000000000006960660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5acf834e436d512022-01-05 10:03:08.463root 11241100x80000000000000006960661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7542722188250b7c2022-01-05 10:03:08.463root 11241100x80000000000000006960662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6e358e41b5ea372022-01-05 10:03:08.463root 11241100x80000000000000006960663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d66ece700ce7fc62022-01-05 10:03:08.463root 11241100x80000000000000006960664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8ec19902490d7c2022-01-05 10:03:08.463root 11241100x80000000000000006960665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2376a3d6c57c42092022-01-05 10:03:08.463root 11241100x80000000000000006960666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3988c2511ab406202022-01-05 10:03:08.464root 11241100x80000000000000006960667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59ae7c655769b432022-01-05 10:03:08.464root 11241100x80000000000000006960668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e94c03f20091302022-01-05 10:03:08.960root 11241100x80000000000000006960669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa9fdecd1f1529a2022-01-05 10:03:08.960root 11241100x80000000000000006960670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65038daec2922f652022-01-05 10:03:08.960root 11241100x80000000000000006960671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c19c131083cf4d2022-01-05 10:03:08.960root 11241100x80000000000000006960672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a04fe5e643f5772022-01-05 10:03:08.960root 11241100x80000000000000006960673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6befef233a2c9a42022-01-05 10:03:08.960root 11241100x80000000000000006960674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceeefd9e99376c5e2022-01-05 10:03:08.961root 11241100x80000000000000006960675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28b244eee0e90082022-01-05 10:03:08.961root 11241100x80000000000000006960676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc1c517c73efaf32022-01-05 10:03:08.961root 11241100x80000000000000006960677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8654bfe13bda2e632022-01-05 10:03:08.961root 11241100x80000000000000006960678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f791f5fd0ed001f82022-01-05 10:03:08.961root 11241100x80000000000000006960679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc758e13b7dfb6b2022-01-05 10:03:08.961root 11241100x80000000000000006960680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1184e4dddfb08662022-01-05 10:03:08.961root 11241100x80000000000000006960681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165422a511a069c62022-01-05 10:03:08.961root 11241100x80000000000000006960682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1deed09435f9f93a2022-01-05 10:03:08.961root 11241100x80000000000000006960683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826e94036d7f1d082022-01-05 10:03:08.961root 11241100x80000000000000006960684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80387eacec8d88262022-01-05 10:03:08.961root 11241100x80000000000000006960685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be1d6407fcd38ad2022-01-05 10:03:08.962root 11241100x80000000000000006960686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae3356b709cdfb02022-01-05 10:03:08.962root 11241100x80000000000000006960687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0651559aa9ec65d12022-01-05 10:03:08.962root 11241100x80000000000000006960688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2f665711cc7ce82022-01-05 10:03:08.962root 11241100x80000000000000006960689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648d0fde3d7acede2022-01-05 10:03:08.962root 11241100x80000000000000006960690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6665f10a0947bd2022-01-05 10:03:08.962root 11241100x80000000000000006960691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc6805a5de9b3d52022-01-05 10:03:08.962root 11241100x80000000000000006960692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6ab27b1ff835fe2022-01-05 10:03:08.962root 11241100x80000000000000006960693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1083bce49829ceba2022-01-05 10:03:08.962root 11241100x80000000000000006960694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e49142805560412022-01-05 10:03:08.962root 11241100x80000000000000006960695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efef8e47c26739d2022-01-05 10:03:08.962root 11241100x80000000000000006960696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d138189577fe40072022-01-05 10:03:08.963root 11241100x80000000000000006960697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811b6d987300e9802022-01-05 10:03:09.460root 11241100x80000000000000006960698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e685d8a46caf17652022-01-05 10:03:09.460root 11241100x80000000000000006960699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7a127d950437be2022-01-05 10:03:09.460root 11241100x80000000000000006960700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff343f6ca73e3512022-01-05 10:03:09.460root 11241100x80000000000000006960701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc908d802c7a8fa12022-01-05 10:03:09.461root 11241100x80000000000000006960702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b021945c83e68f542022-01-05 10:03:09.461root 11241100x80000000000000006960703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79570420a4b3837e2022-01-05 10:03:09.461root 11241100x80000000000000006960704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74f374baff99cf82022-01-05 10:03:09.461root 11241100x80000000000000006960705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f512c1e045493beb2022-01-05 10:03:09.461root 11241100x80000000000000006960706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15c09589a546d9e2022-01-05 10:03:09.461root 11241100x80000000000000006960707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2fd25ff1cb3f992022-01-05 10:03:09.462root 11241100x80000000000000006960708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a5ca2df036b1ae2022-01-05 10:03:09.462root 11241100x80000000000000006960709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d68c0fc29469fc2022-01-05 10:03:09.462root 11241100x80000000000000006960710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c7b8b0b559e03d2022-01-05 10:03:09.462root 11241100x80000000000000006960711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f174fd5e27ce162022-01-05 10:03:09.462root 11241100x80000000000000006960712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d639065e7c6cbbca2022-01-05 10:03:09.462root 11241100x80000000000000006960713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad63b8de838208f2022-01-05 10:03:09.462root 11241100x80000000000000006960714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d7dc1691dd12b62022-01-05 10:03:09.463root 11241100x80000000000000006960715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2092f5ea18c7ce5f2022-01-05 10:03:09.463root 11241100x80000000000000006960716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac006c5bf50657b2022-01-05 10:03:09.463root 11241100x80000000000000006960717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3b0292c48381362022-01-05 10:03:09.463root 11241100x80000000000000006960718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9b8169dad75e6d2022-01-05 10:03:09.463root 11241100x80000000000000006960719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc856072066c98c12022-01-05 10:03:09.463root 11241100x80000000000000006960720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5631f01234c4832022-01-05 10:03:09.463root 11241100x80000000000000006960721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76aa9a1f00a423d72022-01-05 10:03:09.463root 11241100x80000000000000006960722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fadb24e423ac6952022-01-05 10:03:09.464root 11241100x80000000000000006960723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0622ca2c5298102022-01-05 10:03:09.464root 11241100x80000000000000006960724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d00b9628ba24512022-01-05 10:03:09.464root 11241100x80000000000000006960725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545cc693a88048a72022-01-05 10:03:09.464root 11241100x80000000000000006960726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbae67a715e6ee812022-01-05 10:03:09.960root 11241100x80000000000000006960727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a15d9747ff60df2022-01-05 10:03:09.960root 11241100x80000000000000006960728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ee006073d62cc22022-01-05 10:03:09.960root 11241100x80000000000000006960729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f22d1f2554aa912022-01-05 10:03:09.960root 11241100x80000000000000006960730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e41fce4bf74e42c2022-01-05 10:03:09.960root 11241100x80000000000000006960731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afcd48bb870ca6d2022-01-05 10:03:09.960root 11241100x80000000000000006960732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eda6b7bd0a1c7ec2022-01-05 10:03:09.961root 11241100x80000000000000006960733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa98c77a7d2c1eb02022-01-05 10:03:09.961root 11241100x80000000000000006960734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf8f1dc7bd31c432022-01-05 10:03:09.961root 11241100x80000000000000006960735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a04cf15528208f92022-01-05 10:03:09.961root 11241100x80000000000000006960736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bab0dcf626b4a922022-01-05 10:03:09.961root 11241100x80000000000000006960737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2060aee92067aa2022-01-05 10:03:09.961root 11241100x80000000000000006960738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d49f5d72b14f4c2022-01-05 10:03:09.961root 11241100x80000000000000006960739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4818014f2a1679cb2022-01-05 10:03:09.961root 11241100x80000000000000006960740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d17644f530af3bd2022-01-05 10:03:09.962root 11241100x80000000000000006960741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfb025c19dbcc322022-01-05 10:03:09.962root 11241100x80000000000000006960742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5a0b3f6eac70652022-01-05 10:03:09.962root 11241100x80000000000000006960743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936aa4c75d39f1592022-01-05 10:03:09.964root 11241100x80000000000000006960744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbab5d48ede732c2022-01-05 10:03:09.965root 11241100x80000000000000006960745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cf37a51af9ca1a2022-01-05 10:03:09.965root 11241100x80000000000000006960746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6aa2c7fd76f73122022-01-05 10:03:09.965root 11241100x80000000000000006960747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4bd78c686b80f82022-01-05 10:03:09.965root 11241100x80000000000000006960748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706f5c206f790ec72022-01-05 10:03:09.965root 11241100x80000000000000006960749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc865af73b5f4302022-01-05 10:03:09.965root 11241100x80000000000000006960750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2446a68e780ee42022-01-05 10:03:09.965root 11241100x80000000000000006960751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413f921b399e42f92022-01-05 10:03:09.965root 11241100x80000000000000006960752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb19bb83043c5412022-01-05 10:03:09.965root 11241100x80000000000000006960753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76df4a3953e578c2022-01-05 10:03:09.966root 11241100x80000000000000006960754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:09.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fa765ceb42e2462022-01-05 10:03:09.966root 11241100x80000000000000006960755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500e2be060c504322022-01-05 10:03:10.460root 11241100x80000000000000006960756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7ec160349027482022-01-05 10:03:10.460root 11241100x80000000000000006960757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b21579d81094152022-01-05 10:03:10.460root 11241100x80000000000000006960758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7e89271d90b7c32022-01-05 10:03:10.460root 11241100x80000000000000006960759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fcaee4317913152022-01-05 10:03:10.460root 11241100x80000000000000006960760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa38e4aea4935dd2022-01-05 10:03:10.461root 11241100x80000000000000006960761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64af45c838cc41c32022-01-05 10:03:10.461root 11241100x80000000000000006960762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6791682c19b82a8c2022-01-05 10:03:10.461root 11241100x80000000000000006960763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e618e365a5934532022-01-05 10:03:10.461root 11241100x80000000000000006960764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8100c7c5afb88f72022-01-05 10:03:10.461root 11241100x80000000000000006960765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f531c108d5e8922022-01-05 10:03:10.461root 11241100x80000000000000006960766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7c5b05bce37d8e2022-01-05 10:03:10.461root 11241100x80000000000000006960767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad22ae28795bc1a2022-01-05 10:03:10.461root 11241100x80000000000000006960768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37c1bbe046ec5e32022-01-05 10:03:10.462root 11241100x80000000000000006960769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94315334a8ebf2f42022-01-05 10:03:10.462root 11241100x80000000000000006960770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bff2f54793554bf2022-01-05 10:03:10.462root 11241100x80000000000000006960771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d79999eb39187c2022-01-05 10:03:10.462root 11241100x80000000000000006960772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb8b9029984c2332022-01-05 10:03:10.462root 11241100x80000000000000006960773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d81548a82220f212022-01-05 10:03:10.462root 11241100x80000000000000006960774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b1db7ce4f275942022-01-05 10:03:10.463root 11241100x80000000000000006960775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d49f044ddc3ac32022-01-05 10:03:10.463root 11241100x80000000000000006960776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f90858f7a473a742022-01-05 10:03:10.463root 11241100x80000000000000006960777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cc8afe490444e82022-01-05 10:03:10.463root 11241100x80000000000000006960778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f7010fc681dcdd2022-01-05 10:03:10.463root 11241100x80000000000000006960779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d2ecf28ca3e6462022-01-05 10:03:10.463root 11241100x80000000000000006960780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895cd53dd6cecbc62022-01-05 10:03:10.463root 11241100x80000000000000006960781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e444fae511cda32022-01-05 10:03:10.463root 11241100x80000000000000006960782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3657a2cf28158ea2022-01-05 10:03:10.463root 11241100x80000000000000006960783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce7e25a14e10e632022-01-05 10:03:10.463root 11241100x80000000000000006960784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cb1bfaf46103e22022-01-05 10:03:10.961root 11241100x80000000000000006960785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201afc7835d5ecd52022-01-05 10:03:10.961root 11241100x80000000000000006960786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838b6b4fef7da51a2022-01-05 10:03:10.961root 11241100x80000000000000006960787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3e0b7f58499e652022-01-05 10:03:10.961root 11241100x80000000000000006960788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b611e3b6585ddf2022-01-05 10:03:10.961root 11241100x80000000000000006960789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5385ed44276894412022-01-05 10:03:10.961root 11241100x80000000000000006960790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29829ce148ffb752022-01-05 10:03:10.961root 11241100x80000000000000006960791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43472104769bcbed2022-01-05 10:03:10.961root 11241100x80000000000000006960792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220bad6ba87ee4e72022-01-05 10:03:10.961root 11241100x80000000000000006960793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b51040eddaa5922022-01-05 10:03:10.962root 11241100x80000000000000006960794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1aabd3085d6ee042022-01-05 10:03:10.962root 11241100x80000000000000006960795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f507e84f7e0954f2022-01-05 10:03:10.962root 11241100x80000000000000006960796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4d52d163494c9a2022-01-05 10:03:10.962root 11241100x80000000000000006960797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a372afb36de62cec2022-01-05 10:03:10.962root 11241100x80000000000000006960798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf5008274a34ef82022-01-05 10:03:10.962root 11241100x80000000000000006960799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57e8d4762588c312022-01-05 10:03:10.962root 11241100x80000000000000006960800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346367b19f48df042022-01-05 10:03:10.962root 11241100x80000000000000006960801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8428483495546ad72022-01-05 10:03:10.962root 11241100x80000000000000006960802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e411461688e35fb12022-01-05 10:03:10.962root 11241100x80000000000000006960803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc21e98964635582022-01-05 10:03:10.963root 11241100x80000000000000006960804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7597ad58953078d2022-01-05 10:03:10.963root 11241100x80000000000000006960805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e6bc1ab3726c5a2022-01-05 10:03:10.963root 11241100x80000000000000006960806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fca1397c26c4bc2022-01-05 10:03:10.963root 11241100x80000000000000006960807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c062c1c36e3bde6c2022-01-05 10:03:10.963root 11241100x80000000000000006960808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec90f8511e5f5c072022-01-05 10:03:10.963root 11241100x80000000000000006960809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37aeab805a60c782022-01-05 10:03:10.964root 11241100x80000000000000006960810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ea6df8375797762022-01-05 10:03:10.964root 11241100x80000000000000006960811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c56c8fe184eeb622022-01-05 10:03:10.964root 11241100x80000000000000006960812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84b1f76ebebd5cd2022-01-05 10:03:10.964root 11241100x80000000000000006960813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ae94a765f613cc2022-01-05 10:03:11.460root 11241100x80000000000000006960814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc13776f64322552022-01-05 10:03:11.460root 11241100x80000000000000006960815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb72fdf9371201ec2022-01-05 10:03:11.460root 11241100x80000000000000006960816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6228f7f93228d0b52022-01-05 10:03:11.461root 11241100x80000000000000006960817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607a59b6db8d05102022-01-05 10:03:11.461root 11241100x80000000000000006960818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e0fe0592ca40372022-01-05 10:03:11.462root 11241100x80000000000000006960819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38c6d7770148a5d2022-01-05 10:03:11.462root 11241100x80000000000000006960820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb7605e59b5d28c2022-01-05 10:03:11.462root 11241100x80000000000000006960821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16efbdee0c51a9fb2022-01-05 10:03:11.462root 11241100x80000000000000006960822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cbe790cdea092b2022-01-05 10:03:11.463root 11241100x80000000000000006960823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a72a4df021904a12022-01-05 10:03:11.463root 11241100x80000000000000006960824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b16bfa3eb2742952022-01-05 10:03:11.463root 11241100x80000000000000006960825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35422c953aa972112022-01-05 10:03:11.464root 11241100x80000000000000006960826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4718b17559bfbcbc2022-01-05 10:03:11.464root 11241100x80000000000000006960827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adc1483a45753842022-01-05 10:03:11.464root 11241100x80000000000000006960828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5876d8e60ad5e52022-01-05 10:03:11.464root 11241100x80000000000000006960829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54c792ff9c3e7782022-01-05 10:03:11.465root 11241100x80000000000000006960830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1337bef79a5e542022-01-05 10:03:11.465root 11241100x80000000000000006960831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de680e87a209c762022-01-05 10:03:11.465root 11241100x80000000000000006960832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a44d2cd0bba95b2022-01-05 10:03:11.465root 11241100x80000000000000006960833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aae6ebb7694b3312022-01-05 10:03:11.465root 11241100x80000000000000006960834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d172b48f6fa77ca52022-01-05 10:03:11.465root 11241100x80000000000000006960835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9243fa24b57efee2022-01-05 10:03:11.465root 11241100x80000000000000006960836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15683309caee3cab2022-01-05 10:03:11.465root 11241100x80000000000000006960837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42d3849373529ce2022-01-05 10:03:11.465root 11241100x80000000000000006960838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385d58a61e429c6d2022-01-05 10:03:11.465root 11241100x80000000000000006960839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff08ddb7daa91002022-01-05 10:03:11.466root 11241100x80000000000000006960840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50456d8a258229702022-01-05 10:03:11.466root 11241100x80000000000000006960841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b146736d6e3cb82022-01-05 10:03:11.466root 11241100x80000000000000006960842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26cc25a409a60322022-01-05 10:03:11.960root 11241100x80000000000000006960843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb60065c41eb6bd32022-01-05 10:03:11.960root 11241100x80000000000000006960844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b83494432e34642022-01-05 10:03:11.961root 11241100x80000000000000006960845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c849a826061ef6792022-01-05 10:03:11.961root 11241100x80000000000000006960846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf126dfe2e3d13222022-01-05 10:03:11.961root 11241100x80000000000000006960847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd01a0ba535f69c02022-01-05 10:03:11.961root 11241100x80000000000000006960848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16936c6680e7ea272022-01-05 10:03:11.961root 11241100x80000000000000006960849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903666c24840bbf62022-01-05 10:03:11.962root 11241100x80000000000000006960850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2d165d1b98ba252022-01-05 10:03:11.962root 11241100x80000000000000006960851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00b00dce2f539522022-01-05 10:03:11.962root 11241100x80000000000000006960852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c728ff5bdd9fe62022-01-05 10:03:11.962root 11241100x80000000000000006960853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e9d196c69a48322022-01-05 10:03:11.962root 11241100x80000000000000006960854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416407a6ac1964382022-01-05 10:03:11.963root 11241100x80000000000000006960855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be309113a8a675a2022-01-05 10:03:11.963root 11241100x80000000000000006960856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fefafa61d2ccd5c2022-01-05 10:03:11.963root 11241100x80000000000000006960857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c458b1564073bd52022-01-05 10:03:11.963root 11241100x80000000000000006960858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cdb6a4dc1400522022-01-05 10:03:11.963root 11241100x80000000000000006960859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b197bd356a88a02022-01-05 10:03:11.963root 11241100x80000000000000006960860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9e97eb50a4ffcb2022-01-05 10:03:11.964root 11241100x80000000000000006960861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d93602ed5cb62e2022-01-05 10:03:11.964root 11241100x80000000000000006960862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b931fc039545ac2022-01-05 10:03:11.964root 11241100x80000000000000006960863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8462ef1ebf0d832022-01-05 10:03:11.964root 11241100x80000000000000006960864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458e018b2949534f2022-01-05 10:03:11.964root 11241100x80000000000000006960865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16ade928bbf6e102022-01-05 10:03:11.964root 11241100x80000000000000006960866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183849b299743d6d2022-01-05 10:03:11.964root 11241100x80000000000000006960867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76803e93c7e055422022-01-05 10:03:11.964root 11241100x80000000000000006960868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74f8dcfd1bceea42022-01-05 10:03:11.964root 11241100x80000000000000006960869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557de6cde09b0d3c2022-01-05 10:03:11.964root 11241100x80000000000000006960870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:11.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6917a0f08f94600e2022-01-05 10:03:11.965root 354300x80000000000000006960871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.246{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41726-false10.0.1.12-8000- 11241100x80000000000000006960872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c616204913640a2022-01-05 10:03:12.246root 11241100x80000000000000006960873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888d369f58a2d0372022-01-05 10:03:12.247root 11241100x80000000000000006960874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f2ac08d2604e592022-01-05 10:03:12.247root 11241100x80000000000000006960875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884da7b3733227c32022-01-05 10:03:12.247root 11241100x80000000000000006960876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae94c0e59e0575352022-01-05 10:03:12.247root 11241100x80000000000000006960877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0839dd88599f75892022-01-05 10:03:12.248root 11241100x80000000000000006960878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7f847195461ae82022-01-05 10:03:12.248root 11241100x80000000000000006960879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903884ebf2714dea2022-01-05 10:03:12.248root 11241100x80000000000000006960880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e9eeee298aceba2022-01-05 10:03:12.248root 11241100x80000000000000006960881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe5a75ec2a7d4742022-01-05 10:03:12.248root 11241100x80000000000000006960882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fded77ced430a3f82022-01-05 10:03:12.249root 11241100x80000000000000006960883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22a650906488b152022-01-05 10:03:12.249root 11241100x80000000000000006960884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8393a5281e89a7d12022-01-05 10:03:12.250root 11241100x80000000000000006960885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c54544f9064714f2022-01-05 10:03:12.250root 11241100x80000000000000006960886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a6e8acab064bdd2022-01-05 10:03:12.251root 11241100x80000000000000006960887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13925d49c6bd85142022-01-05 10:03:12.251root 11241100x80000000000000006960888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fdca35ef1d321c2022-01-05 10:03:12.251root 11241100x80000000000000006960889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.252{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0bf241ffe665062022-01-05 10:03:12.252root 11241100x80000000000000006960890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.252{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395c42ba839503c12022-01-05 10:03:12.252root 11241100x80000000000000006960891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.252{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4a41a17ae8e16a2022-01-05 10:03:12.252root 11241100x80000000000000006960892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.252{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16ddc6115d6e1b72022-01-05 10:03:12.252root 11241100x80000000000000006960893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.252{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a60a4fe88288442022-01-05 10:03:12.252root 11241100x80000000000000006960894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.252{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326f48c18cfe4dbd2022-01-05 10:03:12.252root 11241100x80000000000000006960895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.252{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fc02f0bf3a8a0e2022-01-05 10:03:12.252root 11241100x80000000000000006960896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.252{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd09fef86be904f2022-01-05 10:03:12.252root 11241100x80000000000000006960897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3470f63519a567392022-01-05 10:03:12.253root 11241100x80000000000000006960898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe3be4a13afe8952022-01-05 10:03:12.253root 11241100x80000000000000006960899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873f3af70c99e20b2022-01-05 10:03:12.253root 11241100x80000000000000006960900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adec214c7325d23f2022-01-05 10:03:12.253root 11241100x80000000000000006960901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ac313109477d2d2022-01-05 10:03:12.254root 11241100x80000000000000006960902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc893acf937581752022-01-05 10:03:12.254root 11241100x80000000000000006960903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac31ccce36123d292022-01-05 10:03:12.254root 11241100x80000000000000006960904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e7342bdea748222022-01-05 10:03:12.254root 11241100x80000000000000006960905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1899910ea8e1689c2022-01-05 10:03:12.254root 11241100x80000000000000006960906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79af6b4679d8f9972022-01-05 10:03:12.254root 11241100x80000000000000006960907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d385352b976de5272022-01-05 10:03:12.710root 11241100x80000000000000006960908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9527f850293c3e22022-01-05 10:03:12.710root 11241100x80000000000000006960909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d9baefe06ae88e2022-01-05 10:03:12.710root 11241100x80000000000000006960910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940d2e59ab8147f82022-01-05 10:03:12.710root 11241100x80000000000000006960911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe10cc5b606f04c72022-01-05 10:03:12.710root 11241100x80000000000000006960912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf2137780fe9fde2022-01-05 10:03:12.710root 11241100x80000000000000006960913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b11b960849e3e62022-01-05 10:03:12.711root 11241100x80000000000000006960914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bbf90600a726032022-01-05 10:03:12.711root 11241100x80000000000000006960915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51c38a229eed3052022-01-05 10:03:12.711root 11241100x80000000000000006960916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494083681018a91d2022-01-05 10:03:12.711root 11241100x80000000000000006960917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa760751f6e4c2c2022-01-05 10:03:12.711root 11241100x80000000000000006960918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cd4abb423197e22022-01-05 10:03:12.711root 11241100x80000000000000006960919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d8e063b58793dd2022-01-05 10:03:12.711root 11241100x80000000000000006960920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf36e6e113aef3b2022-01-05 10:03:12.711root 11241100x80000000000000006960921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ac9557b590841f2022-01-05 10:03:12.711root 11241100x80000000000000006960922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d886c8a65ff35a2b2022-01-05 10:03:12.711root 11241100x80000000000000006960923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b72da825b71edf2022-01-05 10:03:12.712root 11241100x80000000000000006960924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b065be4c992bb7b2022-01-05 10:03:12.713root 11241100x80000000000000006960925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8132c35f6a173ce2022-01-05 10:03:12.713root 11241100x80000000000000006960926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53081fed77698d6d2022-01-05 10:03:12.713root 11241100x80000000000000006960927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8d6a640e3cb4022022-01-05 10:03:12.713root 11241100x80000000000000006960928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ac6dbe9c8c5e092022-01-05 10:03:12.713root 11241100x80000000000000006960929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496b1451aa6af9912022-01-05 10:03:12.713root 11241100x80000000000000006960930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b1ad8f5356701a2022-01-05 10:03:12.713root 11241100x80000000000000006960931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7571e7376289f7172022-01-05 10:03:12.713root 11241100x80000000000000006960932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63eb893d6ef351e02022-01-05 10:03:12.713root 11241100x80000000000000006960933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9476718e74a6052022-01-05 10:03:12.713root 11241100x80000000000000006960934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbff8f87383b00952022-01-05 10:03:12.713root 11241100x80000000000000006960935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e7738d226b51af2022-01-05 10:03:12.714root 11241100x80000000000000006960936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:12.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373fa403ce81b1fd2022-01-05 10:03:12.714root 11241100x80000000000000006960937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0a4d9643fa96522022-01-05 10:03:13.210root 11241100x80000000000000006960938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cf630d4aa973a72022-01-05 10:03:13.210root 11241100x80000000000000006960939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8563ba6e5b4441c2022-01-05 10:03:13.210root 11241100x80000000000000006960940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ac238d32af71452022-01-05 10:03:13.210root 11241100x80000000000000006960941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78332179a9f6f7b2022-01-05 10:03:13.210root 11241100x80000000000000006960942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b95ca193c961ce2022-01-05 10:03:13.210root 11241100x80000000000000006960943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372fe90c378e0af32022-01-05 10:03:13.211root 11241100x80000000000000006960944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa1316116703c842022-01-05 10:03:13.211root 11241100x80000000000000006960945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e554cf4da162ba592022-01-05 10:03:13.211root 11241100x80000000000000006960946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63855d3d3eb3b6cf2022-01-05 10:03:13.211root 11241100x80000000000000006960947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f784ea2fd68388db2022-01-05 10:03:13.211root 11241100x80000000000000006960948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae66f97b31e563c02022-01-05 10:03:13.211root 11241100x80000000000000006960949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121abdb3bebb3dee2022-01-05 10:03:13.211root 11241100x80000000000000006960950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a8392d0a785f302022-01-05 10:03:13.211root 11241100x80000000000000006960951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff9b4c943cf827d2022-01-05 10:03:13.211root 11241100x80000000000000006960952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43836f4aaad30a62022-01-05 10:03:13.211root 11241100x80000000000000006960953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3496cf40a38ce82d2022-01-05 10:03:13.211root 11241100x80000000000000006960954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655aa04275624ebb2022-01-05 10:03:13.211root 11241100x80000000000000006960955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923d232004507c072022-01-05 10:03:13.211root 11241100x80000000000000006960956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b363c077752c3ae12022-01-05 10:03:13.211root 11241100x80000000000000006960957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e829228001bfb72022-01-05 10:03:13.211root 11241100x80000000000000006960958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2458f060cc36a32022-01-05 10:03:13.211root 11241100x80000000000000006960959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a054ea2ca939b72022-01-05 10:03:13.212root 11241100x80000000000000006960960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775a6e256ed5c2382022-01-05 10:03:13.212root 11241100x80000000000000006960961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40094dc83600d0db2022-01-05 10:03:13.212root 11241100x80000000000000006960962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc42297be93285cf2022-01-05 10:03:13.212root 11241100x80000000000000006960963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ba0801bba80ad92022-01-05 10:03:13.212root 11241100x80000000000000006960964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4c82371a8ab4bb2022-01-05 10:03:13.212root 11241100x80000000000000006960965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6fceca8890e4fe2022-01-05 10:03:13.212root 11241100x80000000000000006960966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2da145cdc076d62022-01-05 10:03:13.212root 11241100x80000000000000006960967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745c9b179381dac32022-01-05 10:03:13.710root 11241100x80000000000000006960968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37995a49e9034b292022-01-05 10:03:13.710root 11241100x80000000000000006960969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a6bc470cc4fdff2022-01-05 10:03:13.710root 11241100x80000000000000006960970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d0df60393162f82022-01-05 10:03:13.710root 11241100x80000000000000006960971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e253b8fd01ad8342022-01-05 10:03:13.710root 11241100x80000000000000006960972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49c6dcc430f43a02022-01-05 10:03:13.710root 11241100x80000000000000006960973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff3984ee1d758e32022-01-05 10:03:13.711root 11241100x80000000000000006960974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5e63498bead7fb2022-01-05 10:03:13.711root 11241100x80000000000000006960975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85754f442c8456c02022-01-05 10:03:13.711root 11241100x80000000000000006960976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dca85c67fb97aa72022-01-05 10:03:13.711root 11241100x80000000000000006960977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a4a8f814f450882022-01-05 10:03:13.711root 11241100x80000000000000006960978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e785b65c598ee0872022-01-05 10:03:13.711root 11241100x80000000000000006960979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1689f5315208969e2022-01-05 10:03:13.711root 11241100x80000000000000006960980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfa2350396483542022-01-05 10:03:13.711root 11241100x80000000000000006960981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d2adf0d4788f6d2022-01-05 10:03:13.711root 11241100x80000000000000006960982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6183e4b37f2f73102022-01-05 10:03:13.711root 11241100x80000000000000006960983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f402588b41dec12022-01-05 10:03:13.711root 11241100x80000000000000006960984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335baab6c61fbae62022-01-05 10:03:13.711root 11241100x80000000000000006960985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daa71682e8ea8f82022-01-05 10:03:13.711root 11241100x80000000000000006960986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20dfc502119dd972022-01-05 10:03:13.712root 11241100x80000000000000006960987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1f75e5d5473c662022-01-05 10:03:13.712root 11241100x80000000000000006960988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f570a11fd4284b2022-01-05 10:03:13.712root 11241100x80000000000000006960989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f26220bd367d782022-01-05 10:03:13.712root 11241100x80000000000000006960990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b5f5b29ed000372022-01-05 10:03:13.712root 11241100x80000000000000006960991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f66ef474201844e2022-01-05 10:03:13.712root 11241100x80000000000000006960992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7543d757750ff22022-01-05 10:03:13.712root 11241100x80000000000000006960993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b9b8d4c6aafce32022-01-05 10:03:13.712root 11241100x80000000000000006960994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eecfe85eee1ff92022-01-05 10:03:13.712root 11241100x80000000000000006960995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a01582ee5ade93e2022-01-05 10:03:13.712root 11241100x80000000000000006960996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:13.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670f27d4349927232022-01-05 10:03:13.712root 11241100x80000000000000006960997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fc413635df4b972022-01-05 10:03:14.210root 11241100x80000000000000006960998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92776dcc5dbfc3c62022-01-05 10:03:14.210root 11241100x80000000000000006960999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5c675074ac74312022-01-05 10:03:14.210root 11241100x80000000000000006961000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de231f6231623c82022-01-05 10:03:14.210root 11241100x80000000000000006961001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9ee5e6ff9071342022-01-05 10:03:14.210root 11241100x80000000000000006961002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf8c5c686494d372022-01-05 10:03:14.210root 11241100x80000000000000006961003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10344e41216662932022-01-05 10:03:14.211root 11241100x80000000000000006961004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c11ef98ee36b902022-01-05 10:03:14.211root 11241100x80000000000000006961005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51c25ce7c7e524b2022-01-05 10:03:14.211root 11241100x80000000000000006961006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38b23abf5a746632022-01-05 10:03:14.211root 11241100x80000000000000006961007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bda2970239b7922022-01-05 10:03:14.211root 11241100x80000000000000006961008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa6e7e42f49cf662022-01-05 10:03:14.211root 11241100x80000000000000006961009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d913e86c78b46d372022-01-05 10:03:14.211root 11241100x80000000000000006961010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87b6d45ec3b9ed02022-01-05 10:03:14.211root 11241100x80000000000000006961011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31662fd0b72db4d2022-01-05 10:03:14.211root 11241100x80000000000000006961012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5995a1e9c88996672022-01-05 10:03:14.211root 11241100x80000000000000006961013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ecadb87fd0e2192022-01-05 10:03:14.211root 11241100x80000000000000006961014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ec5ac0170c3dc12022-01-05 10:03:14.211root 11241100x80000000000000006961015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5af41e92ab766c2022-01-05 10:03:14.211root 11241100x80000000000000006961016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4669cdebc5aa44f52022-01-05 10:03:14.211root 11241100x80000000000000006961017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceffbca2ecf6661a2022-01-05 10:03:14.211root 11241100x80000000000000006961018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ce1e1cd17e558e2022-01-05 10:03:14.212root 11241100x80000000000000006961019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bfa9297fe5b4802022-01-05 10:03:14.212root 11241100x80000000000000006961020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4a961e5b7513b92022-01-05 10:03:14.212root 11241100x80000000000000006961021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e815b99f077da3a2022-01-05 10:03:14.212root 11241100x80000000000000006961022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87440713bf9d56fd2022-01-05 10:03:14.212root 11241100x80000000000000006961023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e99fffb20a82a202022-01-05 10:03:14.212root 11241100x80000000000000006961024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e9893fa18dbbca2022-01-05 10:03:14.212root 11241100x80000000000000006961025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a166c846c3272b892022-01-05 10:03:14.212root 11241100x80000000000000006961026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdafc6d6dca17892022-01-05 10:03:14.212root 11241100x80000000000000006961027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa002e97d16aeba2022-01-05 10:03:14.710root 11241100x80000000000000006961028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b895e42ad97160682022-01-05 10:03:14.710root 11241100x80000000000000006961029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a30686ae143d4f82022-01-05 10:03:14.710root 11241100x80000000000000006961030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d1c7a9e3a0c7942022-01-05 10:03:14.710root 11241100x80000000000000006961031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8488f1321539d1dc2022-01-05 10:03:14.710root 11241100x80000000000000006961032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37327cf9e6ecbae12022-01-05 10:03:14.710root 11241100x80000000000000006961033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7501a0e35d1fcc712022-01-05 10:03:14.711root 11241100x80000000000000006961034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29a292d6965832f2022-01-05 10:03:14.711root 11241100x80000000000000006961035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692a108ca464e0132022-01-05 10:03:14.711root 11241100x80000000000000006961036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed33eafacb756802022-01-05 10:03:14.711root 11241100x80000000000000006961037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019db87896317b332022-01-05 10:03:14.711root 11241100x80000000000000006961038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20479a18d0bd8ccc2022-01-05 10:03:14.711root 11241100x80000000000000006961039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa0d6652ee16ac42022-01-05 10:03:14.711root 11241100x80000000000000006961040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741d6e25327a01302022-01-05 10:03:14.711root 11241100x80000000000000006961041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9279b572fd2392862022-01-05 10:03:14.711root 11241100x80000000000000006961042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2abf1a8b2ad542f2022-01-05 10:03:14.711root 11241100x80000000000000006961043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab95da589fac9ea2022-01-05 10:03:14.711root 11241100x80000000000000006961044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9a5f3a93c88f912022-01-05 10:03:14.711root 11241100x80000000000000006961045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b786c1ba3fd81f1a2022-01-05 10:03:14.712root 11241100x80000000000000006961046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057ae722994780622022-01-05 10:03:14.712root 11241100x80000000000000006961047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896d2b126e96a2992022-01-05 10:03:14.712root 11241100x80000000000000006961048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2888003ae2095b2022-01-05 10:03:14.712root 11241100x80000000000000006961049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81c92f51ea1e4f22022-01-05 10:03:14.712root 11241100x80000000000000006961050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d46ad2f4c79bc732022-01-05 10:03:14.712root 11241100x80000000000000006961051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724724a5dce106302022-01-05 10:03:14.712root 11241100x80000000000000006961052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ff29dc676306cb2022-01-05 10:03:14.712root 11241100x80000000000000006961053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50c3315f143466d2022-01-05 10:03:14.712root 11241100x80000000000000006961054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321637587c0336f02022-01-05 10:03:14.712root 11241100x80000000000000006961055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d284f0d16000f4e2022-01-05 10:03:14.712root 11241100x80000000000000006961056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e455778dcf877c082022-01-05 10:03:14.712root 11241100x80000000000000006961057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fbcf6aaf9e60c72022-01-05 10:03:15.211root 11241100x80000000000000006961058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5614255d79a0912022-01-05 10:03:15.211root 11241100x80000000000000006961059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450d9cd5670247582022-01-05 10:03:15.211root 11241100x80000000000000006961060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c65a4126ad29d312022-01-05 10:03:15.211root 11241100x80000000000000006961061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5813e5a77a46c49b2022-01-05 10:03:15.211root 11241100x80000000000000006961062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c83d61f7aeb3672022-01-05 10:03:15.211root 11241100x80000000000000006961063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894dd44cf41668ed2022-01-05 10:03:15.211root 11241100x80000000000000006961064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505d7a032e37397d2022-01-05 10:03:15.211root 11241100x80000000000000006961065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1e008b753c56fb2022-01-05 10:03:15.211root 11241100x80000000000000006961066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d91622bd488a95e2022-01-05 10:03:15.212root 11241100x80000000000000006961067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197d4fa39468913e2022-01-05 10:03:15.212root 11241100x80000000000000006961068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07cae189a53b17f2022-01-05 10:03:15.212root 11241100x80000000000000006961069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa5fc80ea989adc2022-01-05 10:03:15.212root 11241100x80000000000000006961070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011f79a8a02e532f2022-01-05 10:03:15.212root 11241100x80000000000000006961071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c609bade6ba936a2022-01-05 10:03:15.212root 11241100x80000000000000006961072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc054b5335304262022-01-05 10:03:15.212root 11241100x80000000000000006961073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089d43dfa1e62d532022-01-05 10:03:15.212root 11241100x80000000000000006961074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234288172b09497b2022-01-05 10:03:15.212root 11241100x80000000000000006961075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c870dc33040d4bc32022-01-05 10:03:15.212root 11241100x80000000000000006961076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cd06a4d29c3f072022-01-05 10:03:15.212root 11241100x80000000000000006961077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae2f20e054f96cb2022-01-05 10:03:15.212root 11241100x80000000000000006961078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ff777bb22fc2da2022-01-05 10:03:15.212root 11241100x80000000000000006961079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a54de0796ad3ec42022-01-05 10:03:15.213root 11241100x80000000000000006961080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b392156e58db292022-01-05 10:03:15.213root 11241100x80000000000000006961081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b292800035a5b742022-01-05 10:03:15.213root 11241100x80000000000000006961082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c503c21072e261f2022-01-05 10:03:15.213root 11241100x80000000000000006961083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc3f202b495006a2022-01-05 10:03:15.213root 11241100x80000000000000006961084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed7de0c7b17093b2022-01-05 10:03:15.213root 11241100x80000000000000006961085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b551676888c17c2022-01-05 10:03:15.214root 11241100x80000000000000006961086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f36a4fc2dbb9f5d2022-01-05 10:03:15.214root 11241100x80000000000000006961087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a882c71addd382a2022-01-05 10:03:15.710root 11241100x80000000000000006961088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac6d7b9bd55ca302022-01-05 10:03:15.710root 11241100x80000000000000006961089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd6fe16275ae2352022-01-05 10:03:15.710root 11241100x80000000000000006961090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556f4afb32b65eac2022-01-05 10:03:15.710root 11241100x80000000000000006961091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6634487042c1962022-01-05 10:03:15.711root 11241100x80000000000000006961092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b89e9abc93675ea2022-01-05 10:03:15.711root 11241100x80000000000000006961093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb76a59c4b7d8b762022-01-05 10:03:15.711root 11241100x80000000000000006961094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d505adffc2a7e09b2022-01-05 10:03:15.711root 11241100x80000000000000006961095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9490f90230abc1412022-01-05 10:03:15.711root 11241100x80000000000000006961096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60fd4ec9a162b722022-01-05 10:03:15.711root 11241100x80000000000000006961097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b53089290a7ced2022-01-05 10:03:15.711root 11241100x80000000000000006961098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774435f091d145962022-01-05 10:03:15.711root 11241100x80000000000000006961099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2dfa5221a5f42b2022-01-05 10:03:15.711root 11241100x80000000000000006961100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6842a655929ef942022-01-05 10:03:15.711root 11241100x80000000000000006961101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17eb6565c5eec622022-01-05 10:03:15.711root 11241100x80000000000000006961102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba93937702c22d32022-01-05 10:03:15.711root 11241100x80000000000000006961103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02559c4a0fc85922022-01-05 10:03:15.711root 11241100x80000000000000006961104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92ef63cc122fe782022-01-05 10:03:15.712root 11241100x80000000000000006961105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d193b091aa30e122022-01-05 10:03:15.712root 11241100x80000000000000006961106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174b08c90c8c414d2022-01-05 10:03:15.712root 11241100x80000000000000006961107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa60e7a2110efd482022-01-05 10:03:15.712root 11241100x80000000000000006961108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee51eeced7d3a2c2022-01-05 10:03:15.712root 11241100x80000000000000006961109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1d61175971570a2022-01-05 10:03:15.712root 11241100x80000000000000006961110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530c517934811fdb2022-01-05 10:03:15.712root 11241100x80000000000000006961111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862a8164d3276bdc2022-01-05 10:03:15.712root 11241100x80000000000000006961112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff54d050fdb0e5ca2022-01-05 10:03:15.712root 11241100x80000000000000006961113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d26f19d0d2cc57b2022-01-05 10:03:15.712root 11241100x80000000000000006961114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b084bced587de0a32022-01-05 10:03:15.712root 11241100x80000000000000006961115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c954cf39cfd19e32022-01-05 10:03:15.712root 11241100x80000000000000006961116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e45297dd3d7eb72022-01-05 10:03:15.712root 11241100x80000000000000006961117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9839b62a71cfb4c52022-01-05 10:03:16.210root 11241100x80000000000000006961118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1adca1a73572692022-01-05 10:03:16.210root 11241100x80000000000000006961119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962e64469f4512af2022-01-05 10:03:16.210root 11241100x80000000000000006961120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628adc9578bddcbe2022-01-05 10:03:16.210root 11241100x80000000000000006961121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8bdfde2c7fbe7a2022-01-05 10:03:16.210root 11241100x80000000000000006961122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119c3759f56776fb2022-01-05 10:03:16.210root 11241100x80000000000000006961123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e15c6039ed4ee1c2022-01-05 10:03:16.211root 11241100x80000000000000006961124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e18fc9024682e7a2022-01-05 10:03:16.211root 11241100x80000000000000006961125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d706b4addbcf392022-01-05 10:03:16.211root 11241100x80000000000000006961126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcfc8b341c82daf2022-01-05 10:03:16.211root 11241100x80000000000000006961127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313234f4cbc8da672022-01-05 10:03:16.211root 11241100x80000000000000006961128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb89a20344038e92022-01-05 10:03:16.211root 11241100x80000000000000006961129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014bdb0216d1afa82022-01-05 10:03:16.211root 11241100x80000000000000006961130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76283009fd7dd54d2022-01-05 10:03:16.211root 11241100x80000000000000006961131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858d80dd8503389d2022-01-05 10:03:16.211root 11241100x80000000000000006961132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3791bb3b832f4b2022-01-05 10:03:16.211root 11241100x80000000000000006961133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ceabd0f9aba1b02022-01-05 10:03:16.211root 11241100x80000000000000006961134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977c623ae7fc8fee2022-01-05 10:03:16.211root 11241100x80000000000000006961135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d2bd0611e39ea12022-01-05 10:03:16.211root 11241100x80000000000000006961136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c4b0eeaff5f8e92022-01-05 10:03:16.212root 11241100x80000000000000006961137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0333b9f450b2fac22022-01-05 10:03:16.212root 11241100x80000000000000006961138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3873bccd9d46bca2022-01-05 10:03:16.212root 11241100x80000000000000006961139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972f88516e234cd22022-01-05 10:03:16.212root 11241100x80000000000000006961140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf51ea36e9b22db2022-01-05 10:03:16.212root 11241100x80000000000000006961141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120e790d040207402022-01-05 10:03:16.212root 11241100x80000000000000006961142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abeaa35983df9c482022-01-05 10:03:16.212root 11241100x80000000000000006961143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa9fed6d54414892022-01-05 10:03:16.212root 11241100x80000000000000006961144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6882fc2548b8f6222022-01-05 10:03:16.212root 11241100x80000000000000006961145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6bca9313963c2c2022-01-05 10:03:16.212root 11241100x80000000000000006961146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f1d238659b1dc62022-01-05 10:03:16.212root 11241100x80000000000000006961147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948cdfc3bcf756862022-01-05 10:03:16.710root 11241100x80000000000000006961148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f92ed6f07b11d42022-01-05 10:03:16.710root 11241100x80000000000000006961149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df56f82c554357372022-01-05 10:03:16.710root 11241100x80000000000000006961150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec058aca33a8ec842022-01-05 10:03:16.710root 11241100x80000000000000006961151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73e06069d86076f2022-01-05 10:03:16.710root 11241100x80000000000000006961152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582d519cdd079f862022-01-05 10:03:16.710root 11241100x80000000000000006961153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eadffced44f892e2022-01-05 10:03:16.711root 11241100x80000000000000006961154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc706f9256d3601f2022-01-05 10:03:16.711root 11241100x80000000000000006961155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81db747587b2f4292022-01-05 10:03:16.711root 11241100x80000000000000006961156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bae77b8bf8ebffb2022-01-05 10:03:16.711root 11241100x80000000000000006961157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77089e1c0826d212022-01-05 10:03:16.711root 11241100x80000000000000006961158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536469cfbc5476c82022-01-05 10:03:16.711root 11241100x80000000000000006961159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ebefd6c8fb37d82022-01-05 10:03:16.711root 11241100x80000000000000006961160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafeef24dfffc58e2022-01-05 10:03:16.711root 11241100x80000000000000006961161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3958b2896ff7c08b2022-01-05 10:03:16.711root 11241100x80000000000000006961162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122a11a2e85125372022-01-05 10:03:16.711root 11241100x80000000000000006961163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048d7d319d91fbf12022-01-05 10:03:16.711root 11241100x80000000000000006961164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0888f567413b2a2022-01-05 10:03:16.711root 11241100x80000000000000006961165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa007f7adf44eb072022-01-05 10:03:16.711root 11241100x80000000000000006961166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7424262fcc7f9b242022-01-05 10:03:16.711root 11241100x80000000000000006961167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc35dc4eb25d8ad2022-01-05 10:03:16.712root 11241100x80000000000000006961168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a01841d4a65d5cb2022-01-05 10:03:16.712root 11241100x80000000000000006961169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800defbc19f568522022-01-05 10:03:16.712root 11241100x80000000000000006961170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc23269553660c1d2022-01-05 10:03:16.712root 11241100x80000000000000006961171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab48a1c7c23e76402022-01-05 10:03:16.712root 11241100x80000000000000006961172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc50fbcb97c57c02022-01-05 10:03:16.712root 11241100x80000000000000006961173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a571a96a42cd6d962022-01-05 10:03:16.712root 11241100x80000000000000006961174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f41e007001681bd2022-01-05 10:03:16.712root 11241100x80000000000000006961175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482bcc72b083f39d2022-01-05 10:03:16.712root 11241100x80000000000000006961176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc014212f08ddb12022-01-05 10:03:16.712root 11241100x80000000000000006961177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f429ff069be9b62022-01-05 10:03:17.210root 11241100x80000000000000006961178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b20d95da989d742022-01-05 10:03:17.210root 11241100x80000000000000006961179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5040f4a5fd5ccadc2022-01-05 10:03:17.210root 11241100x80000000000000006961180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4dacfcdf723a7f2022-01-05 10:03:17.210root 11241100x80000000000000006961181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee9d71d3d7a76132022-01-05 10:03:17.210root 11241100x80000000000000006961182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55945bc27ee865162022-01-05 10:03:17.210root 11241100x80000000000000006961183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478f61478020d0e32022-01-05 10:03:17.211root 11241100x80000000000000006961184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69748a67dbc09cf2022-01-05 10:03:17.211root 11241100x80000000000000006961185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37031f5d91ff3de2022-01-05 10:03:17.211root 11241100x80000000000000006961186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5aa5c3599cd067a2022-01-05 10:03:17.211root 11241100x80000000000000006961187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9d866080b37baa2022-01-05 10:03:17.211root 11241100x80000000000000006961188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd86b3c8a7392412022-01-05 10:03:17.211root 11241100x80000000000000006961189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d14c9963c5a56392022-01-05 10:03:17.211root 11241100x80000000000000006961190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abf391f6fd7788b2022-01-05 10:03:17.211root 11241100x80000000000000006961191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a067d89882b922ad2022-01-05 10:03:17.211root 11241100x80000000000000006961192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cebea56ee9b8fd2022-01-05 10:03:17.211root 11241100x80000000000000006961193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72552b0fc1aa9792022-01-05 10:03:17.211root 11241100x80000000000000006961194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c176c441914b1def2022-01-05 10:03:17.211root 11241100x80000000000000006961195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af88e1741c87afed2022-01-05 10:03:17.211root 11241100x80000000000000006961196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8af791e9718eac2022-01-05 10:03:17.212root 11241100x80000000000000006961197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d3af5ae99c49272022-01-05 10:03:17.212root 11241100x80000000000000006961198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0261577de3c6d22022-01-05 10:03:17.213root 11241100x80000000000000006961199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2527904419d060912022-01-05 10:03:17.213root 11241100x80000000000000006961200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa637e606d1fc7a52022-01-05 10:03:17.213root 11241100x80000000000000006961201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803fa610b5b8c5532022-01-05 10:03:17.213root 11241100x80000000000000006961202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44534c863b967332022-01-05 10:03:17.213root 11241100x80000000000000006961203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbc8e3cd27d26022022-01-05 10:03:17.213root 11241100x80000000000000006961204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c01d5684a15425f2022-01-05 10:03:17.213root 11241100x80000000000000006961205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfa53a45e0ff3f32022-01-05 10:03:17.213root 11241100x80000000000000006961206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87c2dadc8381ac62022-01-05 10:03:17.213root 11241100x80000000000000006961207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0aba5c5c8dae082022-01-05 10:03:17.213root 11241100x80000000000000006961208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dfc158523908662022-01-05 10:03:17.213root 11241100x80000000000000006961209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5fbff74d695d4b2022-01-05 10:03:17.213root 11241100x80000000000000006961210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0df32de59a9f952022-01-05 10:03:17.213root 11241100x80000000000000006961211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03ca44af22a2ff52022-01-05 10:03:17.213root 11241100x80000000000000006961212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa407f144212fd72022-01-05 10:03:17.213root 11241100x80000000000000006961213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ea1b7d6a5c97de2022-01-05 10:03:17.213root 11241100x80000000000000006961214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3316727104bb587f2022-01-05 10:03:17.214root 11241100x80000000000000006961215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b778ef055e51cfd2022-01-05 10:03:17.214root 11241100x80000000000000006961216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a82ddfc68a658c42022-01-05 10:03:17.214root 11241100x80000000000000006961217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aaa797e03cb09572022-01-05 10:03:17.214root 11241100x80000000000000006961218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570c9465dd6f66b12022-01-05 10:03:17.214root 11241100x80000000000000006961219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cb7ffe98e00fd22022-01-05 10:03:17.214root 11241100x80000000000000006961220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a66af7eefbadd92022-01-05 10:03:17.214root 11241100x80000000000000006961221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e33c4413ef79f282022-01-05 10:03:17.214root 11241100x80000000000000006961222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1816e1282aa5867a2022-01-05 10:03:17.214root 11241100x80000000000000006961223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af78778653941f5f2022-01-05 10:03:17.214root 11241100x80000000000000006961224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75271fff35eb49b2022-01-05 10:03:17.214root 11241100x80000000000000006961225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107d6406860180c02022-01-05 10:03:17.214root 11241100x80000000000000006961226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b940e01bc356e62022-01-05 10:03:17.710root 11241100x80000000000000006961227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84eb9b61f31927772022-01-05 10:03:17.710root 11241100x80000000000000006961228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4ce266cb8835ec2022-01-05 10:03:17.710root 11241100x80000000000000006961229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3780e1fb74ac7dad2022-01-05 10:03:17.710root 11241100x80000000000000006961230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac558b9a020b66642022-01-05 10:03:17.710root 11241100x80000000000000006961231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982278ebb2d9bbee2022-01-05 10:03:17.710root 11241100x80000000000000006961232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd286452860255592022-01-05 10:03:17.711root 11241100x80000000000000006961233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea100bda126df1e2022-01-05 10:03:17.711root 11241100x80000000000000006961234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd98e7bc24d14da52022-01-05 10:03:17.711root 11241100x80000000000000006961235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4273d4540f26ee0f2022-01-05 10:03:17.711root 11241100x80000000000000006961236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b1f0b7824a9a7c2022-01-05 10:03:17.711root 11241100x80000000000000006961237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27bd9bc790f45bf2022-01-05 10:03:17.711root 11241100x80000000000000006961238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b990abe37b42ca2022-01-05 10:03:17.711root 11241100x80000000000000006961239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f193766feef5972022-01-05 10:03:17.711root 11241100x80000000000000006961240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358b9afe2d7a2bc32022-01-05 10:03:17.711root 11241100x80000000000000006961241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d90581a0f37cfa2022-01-05 10:03:17.711root 11241100x80000000000000006961242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e58b1ef3361a312022-01-05 10:03:17.711root 11241100x80000000000000006961243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3934daea49b5502022-01-05 10:03:17.711root 11241100x80000000000000006961244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18360869d8712da2022-01-05 10:03:17.711root 11241100x80000000000000006961245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3731bf23d45738472022-01-05 10:03:17.712root 11241100x80000000000000006961246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a485a179b16458a2022-01-05 10:03:17.712root 11241100x80000000000000006961247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc5685ee6001ac62022-01-05 10:03:17.712root 11241100x80000000000000006961248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d0c5de26f62bf02022-01-05 10:03:17.712root 11241100x80000000000000006961249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c0d721c7c4ef552022-01-05 10:03:17.712root 11241100x80000000000000006961250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fbae6db1e3928e2022-01-05 10:03:17.712root 11241100x80000000000000006961251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84eaed1b8f369862022-01-05 10:03:17.712root 11241100x80000000000000006961252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6adad78e76ad2972022-01-05 10:03:17.712root 11241100x80000000000000006961253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519a36f5dbfa78262022-01-05 10:03:17.712root 11241100x80000000000000006961254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddcad8626e820852022-01-05 10:03:17.712root 11241100x80000000000000006961255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:17.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a2f4ecb01c0ad72022-01-05 10:03:17.712root 354300x80000000000000006961256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.103{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41728-false10.0.1.12-8000- 11241100x80000000000000006961257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76674c3838ec6c32022-01-05 10:03:18.105root 11241100x80000000000000006961258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a811f2331b374ca2022-01-05 10:03:18.105root 11241100x80000000000000006961259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02688b8c8516cd652022-01-05 10:03:18.105root 11241100x80000000000000006961260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c4187ebafbe4ca2022-01-05 10:03:18.105root 11241100x80000000000000006961261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547ae1d1725df0d72022-01-05 10:03:18.105root 11241100x80000000000000006961262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4399e21da762c4232022-01-05 10:03:18.105root 11241100x80000000000000006961263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5aa041a04c73642022-01-05 10:03:18.105root 11241100x80000000000000006961264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1b8b8b1f5a35a82022-01-05 10:03:18.105root 11241100x80000000000000006961265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4442aeebb91371262022-01-05 10:03:18.105root 11241100x80000000000000006961266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.106{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68589efb25ee9fa02022-01-05 10:03:18.106root 11241100x80000000000000006961267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.106{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209f1e8718200a9e2022-01-05 10:03:18.106root 11241100x80000000000000006961268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.106{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec75eef4208e7ba2022-01-05 10:03:18.106root 11241100x80000000000000006961269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.106{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea866a7755f5a6582022-01-05 10:03:18.106root 11241100x80000000000000006961270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.106{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b5280aab5d387c2022-01-05 10:03:18.106root 11241100x80000000000000006961271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.106{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83defe987ee375372022-01-05 10:03:18.106root 11241100x80000000000000006961272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.106{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e27f490d042ed92022-01-05 10:03:18.106root 11241100x80000000000000006961273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.106{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494af4f58c0bfe522022-01-05 10:03:18.106root 11241100x80000000000000006961274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.107{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24156d66297f26fe2022-01-05 10:03:18.107root 11241100x80000000000000006961275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.107{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85b1bdb9706ec8e2022-01-05 10:03:18.107root 11241100x80000000000000006961276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.107{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444fda2e5bdf1e092022-01-05 10:03:18.107root 11241100x80000000000000006961277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.107{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958668ed5aba288b2022-01-05 10:03:18.107root 11241100x80000000000000006961278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.107{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87663be189a257272022-01-05 10:03:18.107root 11241100x80000000000000006961279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.107{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fd206ed14808aa2022-01-05 10:03:18.107root 11241100x80000000000000006961280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.107{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a284f1ed763c9bc12022-01-05 10:03:18.107root 11241100x80000000000000006961281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.107{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d829f84ea840a3462022-01-05 10:03:18.107root 11241100x80000000000000006961282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.107{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185519491d4106492022-01-05 10:03:18.107root 11241100x80000000000000006961283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.107{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475f468c630d2d602022-01-05 10:03:18.107root 11241100x80000000000000006961284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.107{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4ad92523881d742022-01-05 10:03:18.107root 11241100x80000000000000006961285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.108{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b521eeec12edd32022-01-05 10:03:18.108root 11241100x80000000000000006961286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.108{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d8bfe71622c0152022-01-05 10:03:18.108root 11241100x80000000000000006961287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.108{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b57f9ebcf690482022-01-05 10:03:18.108root 11241100x80000000000000006961288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7609ab86785f7ce72022-01-05 10:03:18.460root 11241100x80000000000000006961289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99575b0610e28062022-01-05 10:03:18.460root 11241100x80000000000000006961290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df707329f7c464772022-01-05 10:03:18.460root 11241100x80000000000000006961291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48632236e9dd9d082022-01-05 10:03:18.460root 11241100x80000000000000006961292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c11170172c17c502022-01-05 10:03:18.460root 11241100x80000000000000006961293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a781b53ed89c472022-01-05 10:03:18.460root 11241100x80000000000000006961294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7337f69a52dc4fe42022-01-05 10:03:18.461root 11241100x80000000000000006961295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9556b2c8b03b480e2022-01-05 10:03:18.461root 11241100x80000000000000006961296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183c923afc4e8db12022-01-05 10:03:18.461root 11241100x80000000000000006961297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b3dda422466c642022-01-05 10:03:18.461root 11241100x80000000000000006961298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3639c096157d45da2022-01-05 10:03:18.461root 11241100x80000000000000006961299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47f4091130adba52022-01-05 10:03:18.461root 11241100x80000000000000006961300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7f13e865f698412022-01-05 10:03:18.461root 11241100x80000000000000006961301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795d3507d1b61a012022-01-05 10:03:18.461root 11241100x80000000000000006961302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746ce597c65254c52022-01-05 10:03:18.461root 11241100x80000000000000006961303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2795b543966a78f2022-01-05 10:03:18.461root 11241100x80000000000000006961304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014668aa443cb4fd2022-01-05 10:03:18.461root 11241100x80000000000000006961305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a2f92eee1a981d2022-01-05 10:03:18.462root 11241100x80000000000000006961306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d0d1ee703f7bc02022-01-05 10:03:18.462root 11241100x80000000000000006961307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ac57232317f50f2022-01-05 10:03:18.462root 11241100x80000000000000006961308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac845818fe22db42022-01-05 10:03:18.462root 11241100x80000000000000006961309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46c2dc51d2e48372022-01-05 10:03:18.462root 11241100x80000000000000006961310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9491daede7fc8bc32022-01-05 10:03:18.462root 11241100x80000000000000006961311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04801fc2f64c94112022-01-05 10:03:18.462root 11241100x80000000000000006961312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56852794afadd2cb2022-01-05 10:03:18.462root 11241100x80000000000000006961313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416b77caac0897222022-01-05 10:03:18.462root 11241100x80000000000000006961314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c0e21023591a612022-01-05 10:03:18.462root 11241100x80000000000000006961315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c591475903a26f852022-01-05 10:03:18.462root 11241100x80000000000000006961316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e030fe4f8ac481d72022-01-05 10:03:18.462root 11241100x80000000000000006961317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36d89ccfd04b7962022-01-05 10:03:18.462root 11241100x80000000000000006961318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fba848c7a6451942022-01-05 10:03:18.462root 11241100x80000000000000006961319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5d209cdd41def02022-01-05 10:03:18.960root 11241100x80000000000000006961320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523f88d1f5de1ee82022-01-05 10:03:18.960root 11241100x80000000000000006961321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0649f5ab2ec19f2022-01-05 10:03:18.960root 11241100x80000000000000006961322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2016535faa2ec4472022-01-05 10:03:18.960root 11241100x80000000000000006961323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7165252d4a6fbb92022-01-05 10:03:18.960root 11241100x80000000000000006961324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d541cc65d1217c2022-01-05 10:03:18.960root 11241100x80000000000000006961325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a957aba757b19f2022-01-05 10:03:18.961root 11241100x80000000000000006961326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8a4e62d3b4bd662022-01-05 10:03:18.961root 11241100x80000000000000006961327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9e785aec31c1272022-01-05 10:03:18.961root 11241100x80000000000000006961328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5900ed004f6235e2022-01-05 10:03:18.961root 11241100x80000000000000006961329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2040e5ebc0cdc3a2022-01-05 10:03:18.961root 11241100x80000000000000006961330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6265eae505ff86ba2022-01-05 10:03:18.961root 11241100x80000000000000006961331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b583f00076ab57092022-01-05 10:03:18.961root 11241100x80000000000000006961332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d64069fd40fb02a2022-01-05 10:03:18.961root 11241100x80000000000000006961333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236e616c41070bb62022-01-05 10:03:18.961root 11241100x80000000000000006961334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048c0f57677cdd212022-01-05 10:03:18.961root 11241100x80000000000000006961335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4093fe1b51cb472022-01-05 10:03:18.961root 11241100x80000000000000006961336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998daf09433dc7252022-01-05 10:03:18.961root 11241100x80000000000000006961337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da979fabab43fb32022-01-05 10:03:18.961root 11241100x80000000000000006961338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50867d357ce79632022-01-05 10:03:18.962root 11241100x80000000000000006961339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4beba0207505525a2022-01-05 10:03:18.962root 11241100x80000000000000006961340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfac7dca7359db52022-01-05 10:03:18.962root 11241100x80000000000000006961341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab44326b0c4ccfc2022-01-05 10:03:18.962root 11241100x80000000000000006961342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f5be641c7cf2642022-01-05 10:03:18.962root 11241100x80000000000000006961343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbdd523e7e66d782022-01-05 10:03:18.962root 11241100x80000000000000006961344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf447f0327fa9f972022-01-05 10:03:18.962root 11241100x80000000000000006961345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb521b4ead0c00f12022-01-05 10:03:18.962root 11241100x80000000000000006961346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0594cf49ea08bd2022-01-05 10:03:18.962root 11241100x80000000000000006961347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7524c7d3e3317bc2022-01-05 10:03:18.962root 11241100x80000000000000006961348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e565c2784a3bdd2022-01-05 10:03:18.962root 11241100x80000000000000006961349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96663f23c66a4aa22022-01-05 10:03:18.962root 11241100x80000000000000006961350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1838f3d35caf1ac12022-01-05 10:03:19.460root 11241100x80000000000000006961351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1907b1d4c9cc74252022-01-05 10:03:19.460root 11241100x80000000000000006961352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9394f0a9ae9af32022-01-05 10:03:19.460root 11241100x80000000000000006961353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a80b224e09a89f2022-01-05 10:03:19.460root 11241100x80000000000000006961354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a77b33c54f152432022-01-05 10:03:19.460root 11241100x80000000000000006961355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe98dcc2ef235aa2022-01-05 10:03:19.461root 11241100x80000000000000006961356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128a98f59dd756442022-01-05 10:03:19.461root 11241100x80000000000000006961357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee468a4cf2271352022-01-05 10:03:19.461root 11241100x80000000000000006961358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d84a7550ae246632022-01-05 10:03:19.461root 11241100x80000000000000006961359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be16b589b5ce3c32022-01-05 10:03:19.461root 11241100x80000000000000006961360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c467242d7856a812022-01-05 10:03:19.461root 11241100x80000000000000006961361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf8009504d535292022-01-05 10:03:19.462root 11241100x80000000000000006961362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b524038a0a1d386f2022-01-05 10:03:19.462root 11241100x80000000000000006961363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41889d3e413c32812022-01-05 10:03:19.462root 11241100x80000000000000006961364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26650993667bad82022-01-05 10:03:19.462root 11241100x80000000000000006961365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a9617b70d94c022022-01-05 10:03:19.462root 11241100x80000000000000006961366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5d0b0c8eb910892022-01-05 10:03:19.463root 11241100x80000000000000006961367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bd2b24327bd3062022-01-05 10:03:19.463root 11241100x80000000000000006961368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf37b5528049db492022-01-05 10:03:19.463root 11241100x80000000000000006961369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3825dd441ac54e2022-01-05 10:03:19.463root 11241100x80000000000000006961370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7158fc26ba5df82d2022-01-05 10:03:19.463root 11241100x80000000000000006961371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e775b6e3ce7a2ab12022-01-05 10:03:19.463root 11241100x80000000000000006961372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2e388a3b494f8e2022-01-05 10:03:19.463root 11241100x80000000000000006961373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af62089e54bea03f2022-01-05 10:03:19.463root 11241100x80000000000000006961374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3d50bbf35fc1e22022-01-05 10:03:19.463root 11241100x80000000000000006961375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8475cb1a895e4bf2022-01-05 10:03:19.463root 11241100x80000000000000006961376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7d7347791b48252022-01-05 10:03:19.463root 11241100x80000000000000006961377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f24224ae37103d42022-01-05 10:03:19.464root 11241100x80000000000000006961378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcc9423980555932022-01-05 10:03:19.464root 11241100x80000000000000006961379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e7562d720609c52022-01-05 10:03:19.464root 11241100x80000000000000006961380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d0713b8788f6782022-01-05 10:03:19.464root 11241100x80000000000000006961381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f01ca339d1208982022-01-05 10:03:19.960root 11241100x80000000000000006961382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df20d09c872f8fc2022-01-05 10:03:19.960root 11241100x80000000000000006961383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1ce6c9c4b3a1302022-01-05 10:03:19.960root 11241100x80000000000000006961384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6460c4ffef43a72022-01-05 10:03:19.960root 11241100x80000000000000006961385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d593837b7a3cd5c62022-01-05 10:03:19.960root 11241100x80000000000000006961386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808101f663224e962022-01-05 10:03:19.960root 11241100x80000000000000006961387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadb6ea25dcb85d42022-01-05 10:03:19.961root 11241100x80000000000000006961388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea003a995ef412f2022-01-05 10:03:19.961root 11241100x80000000000000006961389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde3e4c4db0f4a132022-01-05 10:03:19.961root 11241100x80000000000000006961390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017556165e89c74d2022-01-05 10:03:19.961root 11241100x80000000000000006961391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110ce736d7e3a8722022-01-05 10:03:19.961root 11241100x80000000000000006961392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b0b993935da8ed2022-01-05 10:03:19.962root 11241100x80000000000000006961393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103f6442ce6ed3612022-01-05 10:03:19.962root 11241100x80000000000000006961394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78979ffe9903d442022-01-05 10:03:19.962root 11241100x80000000000000006961395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd1c85f1477adda2022-01-05 10:03:19.962root 11241100x80000000000000006961396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d276bb0058244d2022-01-05 10:03:19.962root 11241100x80000000000000006961397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513c80e9b36e762b2022-01-05 10:03:19.962root 11241100x80000000000000006961398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1c9c03429320072022-01-05 10:03:19.963root 11241100x80000000000000006961399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01c887256c240342022-01-05 10:03:19.963root 11241100x80000000000000006961400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a989926d0acdee7f2022-01-05 10:03:19.963root 11241100x80000000000000006961401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e321d45535f9b9ae2022-01-05 10:03:19.963root 11241100x80000000000000006961402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836ad3aa7c9d0de22022-01-05 10:03:19.963root 11241100x80000000000000006961403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a1af5c314ca2d62022-01-05 10:03:19.963root 11241100x80000000000000006961404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dede52a8912bcba2022-01-05 10:03:19.963root 11241100x80000000000000006961405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438aef70c2c599c32022-01-05 10:03:19.963root 11241100x80000000000000006961406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068f3ecc052133a42022-01-05 10:03:19.963root 11241100x80000000000000006961407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a3c228c7ccec532022-01-05 10:03:19.963root 11241100x80000000000000006961408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa11d0f32399046c2022-01-05 10:03:19.963root 11241100x80000000000000006961409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b074d38bb047bf252022-01-05 10:03:19.964root 11241100x80000000000000006961410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cd41d7a592ff4e2022-01-05 10:03:19.964root 11241100x80000000000000006961411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:19.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07be30dd9ccb87a92022-01-05 10:03:19.964root 11241100x80000000000000006961412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ad51b1c3d4f7132022-01-05 10:03:20.460root 11241100x80000000000000006961413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f57642bbca87cda2022-01-05 10:03:20.460root 11241100x80000000000000006961414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a553ed9921de4c2022-01-05 10:03:20.460root 11241100x80000000000000006961415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec227f905ec04072022-01-05 10:03:20.460root 11241100x80000000000000006961416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42954619dad229ef2022-01-05 10:03:20.460root 11241100x80000000000000006961417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ffe62408ea50ee2022-01-05 10:03:20.460root 11241100x80000000000000006961418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5874cbe06f26ddc2022-01-05 10:03:20.460root 11241100x80000000000000006961419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64f104f917c544b2022-01-05 10:03:20.461root 11241100x80000000000000006961420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f999fafd36e5272022-01-05 10:03:20.461root 11241100x80000000000000006961421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fde33257cabc2bc2022-01-05 10:03:20.461root 11241100x80000000000000006961422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f2c2d6378e0cff2022-01-05 10:03:20.461root 11241100x80000000000000006961423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b62574637afbdda2022-01-05 10:03:20.461root 11241100x80000000000000006961424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49df0d4c3165cdb82022-01-05 10:03:20.461root 11241100x80000000000000006961425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257809fdb0c8aa892022-01-05 10:03:20.461root 11241100x80000000000000006961426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ce645d5f6b2cfc2022-01-05 10:03:20.461root 11241100x80000000000000006961427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dec60b36f523432022-01-05 10:03:20.461root 11241100x80000000000000006961428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1de5393538fa4982022-01-05 10:03:20.462root 11241100x80000000000000006961429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c751670f5728ce032022-01-05 10:03:20.462root 11241100x80000000000000006961430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9770049d1fae1d132022-01-05 10:03:20.462root 11241100x80000000000000006961431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0283e59739ed6cbb2022-01-05 10:03:20.462root 11241100x80000000000000006961432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0aae7d25d4b64b2022-01-05 10:03:20.462root 11241100x80000000000000006961433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b79490d51c9babc2022-01-05 10:03:20.462root 11241100x80000000000000006961434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8687a596bb459b82022-01-05 10:03:20.462root 11241100x80000000000000006961435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa44f357a94006e2022-01-05 10:03:20.462root 11241100x80000000000000006961436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86633fe65f9d2a722022-01-05 10:03:20.462root 11241100x80000000000000006961437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89dc642d9e7dbde2022-01-05 10:03:20.462root 11241100x80000000000000006961438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8eae628cc252f3b2022-01-05 10:03:20.463root 11241100x80000000000000006961439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd4f2949bc967752022-01-05 10:03:20.463root 11241100x80000000000000006961440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611c4d804cfef55d2022-01-05 10:03:20.463root 11241100x80000000000000006961441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f214bdb0174c442022-01-05 10:03:20.463root 11241100x80000000000000006961442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0598e8d479dd02702022-01-05 10:03:20.463root 11241100x80000000000000006961443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11863782c02627ea2022-01-05 10:03:20.960root 11241100x80000000000000006961444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b59d3f56fccc1d02022-01-05 10:03:20.960root 11241100x80000000000000006961445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bf02d772e2656a2022-01-05 10:03:20.960root 11241100x80000000000000006961446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1ceb6d1898d1d12022-01-05 10:03:20.960root 11241100x80000000000000006961447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289b70cebb13b53e2022-01-05 10:03:20.960root 11241100x80000000000000006961448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c183ecaa1c63a682022-01-05 10:03:20.961root 11241100x80000000000000006961449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e89684fdd9ba31c2022-01-05 10:03:20.961root 11241100x80000000000000006961450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db27c33ec4dfae12022-01-05 10:03:20.961root 11241100x80000000000000006961451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d3b655840811c02022-01-05 10:03:20.961root 11241100x80000000000000006961452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a544aa4e8d4247542022-01-05 10:03:20.961root 11241100x80000000000000006961453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196dfb38fb76c5942022-01-05 10:03:20.961root 11241100x80000000000000006961454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5803b1a5f1b19d962022-01-05 10:03:20.961root 11241100x80000000000000006961455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ec8c2fd99994d82022-01-05 10:03:20.961root 11241100x80000000000000006961456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5536c10580c29cf02022-01-05 10:03:20.961root 11241100x80000000000000006961457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8196176574ee6ddb2022-01-05 10:03:20.965root 11241100x80000000000000006961458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7fb177d246c40f2022-01-05 10:03:20.966root 11241100x80000000000000006961459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7815273c914d19372022-01-05 10:03:20.966root 11241100x80000000000000006961460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0261c87c224ff36e2022-01-05 10:03:20.966root 11241100x80000000000000006961461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161575e69b5d5ac22022-01-05 10:03:20.966root 11241100x80000000000000006961462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14dcb5a694fdd8f92022-01-05 10:03:20.966root 11241100x80000000000000006961463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2dc87a9fc2c49d2022-01-05 10:03:20.966root 11241100x80000000000000006961464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0604413d5200926b2022-01-05 10:03:20.966root 11241100x80000000000000006961465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3fef080659660d2022-01-05 10:03:20.966root 11241100x80000000000000006961466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc4b747b2d2a8fc2022-01-05 10:03:20.966root 11241100x80000000000000006961467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b4854a323cc5f72022-01-05 10:03:20.966root 11241100x80000000000000006961468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae1e17081a071cc2022-01-05 10:03:20.966root 11241100x80000000000000006961469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57317b233bf33d12022-01-05 10:03:20.966root 11241100x80000000000000006961470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7a7c7db34ace672022-01-05 10:03:20.966root 11241100x80000000000000006961471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076cff1110a3a7072022-01-05 10:03:20.967root 11241100x80000000000000006961472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11011e0cd777010c2022-01-05 10:03:20.967root 11241100x80000000000000006961473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:20.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d74767bd9afe86c2022-01-05 10:03:20.967root 11241100x80000000000000006961474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d83b07b4e6725a2022-01-05 10:03:21.460root 11241100x80000000000000006961475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b38b1c86d6b5582022-01-05 10:03:21.460root 11241100x80000000000000006961476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9537439d4cf9f08a2022-01-05 10:03:21.460root 11241100x80000000000000006961477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcbbe18f59413e92022-01-05 10:03:21.460root 11241100x80000000000000006961478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07fe26b81baa4072022-01-05 10:03:21.460root 11241100x80000000000000006961479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc89d9ac9d96c5d22022-01-05 10:03:21.461root 11241100x80000000000000006961480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397af3f601decd9b2022-01-05 10:03:21.461root 11241100x80000000000000006961481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233931bba576766b2022-01-05 10:03:21.461root 11241100x80000000000000006961482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1458e6094dce0b5d2022-01-05 10:03:21.461root 11241100x80000000000000006961483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b6938e3c69c6212022-01-05 10:03:21.461root 11241100x80000000000000006961484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da75670868fe4c702022-01-05 10:03:21.461root 11241100x80000000000000006961485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a32947de822a042022-01-05 10:03:21.461root 11241100x80000000000000006961486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ca518b9bfcc28c2022-01-05 10:03:21.461root 11241100x80000000000000006961487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe09153a6d7489e82022-01-05 10:03:21.462root 11241100x80000000000000006961488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc1525e221ec4c32022-01-05 10:03:21.462root 11241100x80000000000000006961489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea31d328ebd220992022-01-05 10:03:21.462root 11241100x80000000000000006961490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f741594c491a88c2022-01-05 10:03:21.462root 11241100x80000000000000006961491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ada198d2fe43182022-01-05 10:03:21.462root 11241100x80000000000000006961492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8edbe4f33b9e3ff2022-01-05 10:03:21.462root 11241100x80000000000000006961493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f0135650c771d22022-01-05 10:03:21.462root 11241100x80000000000000006961494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da7d8afba9abb132022-01-05 10:03:21.463root 11241100x80000000000000006961495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b18a1e6c69301f52022-01-05 10:03:21.463root 11241100x80000000000000006961496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f5e3d2c3a55a0c2022-01-05 10:03:21.463root 11241100x80000000000000006961497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2360e7a94cd8420f2022-01-05 10:03:21.463root 11241100x80000000000000006961498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ae000f944bd1542022-01-05 10:03:21.463root 11241100x80000000000000006961499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a338b900241c007e2022-01-05 10:03:21.463root 11241100x80000000000000006961500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef47ae2442defc62022-01-05 10:03:21.464root 11241100x80000000000000006961501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9373e6c5fa7d11da2022-01-05 10:03:21.464root 11241100x80000000000000006961502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70581473a684f6e2022-01-05 10:03:21.464root 11241100x80000000000000006961503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd9e086e673dc1f2022-01-05 10:03:21.464root 11241100x80000000000000006961504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b9ab630a4cc1f72022-01-05 10:03:21.464root 11241100x80000000000000006961505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad1f9085db43cba2022-01-05 10:03:21.959root 11241100x80000000000000006961506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35c8111ffee8cce2022-01-05 10:03:21.960root 11241100x80000000000000006961507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c37fc9dd253be62022-01-05 10:03:21.960root 11241100x80000000000000006961508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccb3c37120c39a72022-01-05 10:03:21.960root 11241100x80000000000000006961509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3e4f7d8409c38b2022-01-05 10:03:21.960root 11241100x80000000000000006961510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1550a2f19ae8b8d2022-01-05 10:03:21.960root 11241100x80000000000000006961511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125274d1fb78e7ad2022-01-05 10:03:21.960root 11241100x80000000000000006961512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e26f9b7887584772022-01-05 10:03:21.960root 11241100x80000000000000006961513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92716de8a7f921092022-01-05 10:03:21.961root 11241100x80000000000000006961514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa871278c22c0ad2022-01-05 10:03:21.961root 11241100x80000000000000006961515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcce159936c5463a2022-01-05 10:03:21.961root 11241100x80000000000000006961516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fe65f60462f75c2022-01-05 10:03:21.962root 11241100x80000000000000006961517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f5cb75f1ad17db2022-01-05 10:03:21.962root 11241100x80000000000000006961518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea65968d201853492022-01-05 10:03:21.962root 11241100x80000000000000006961519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a476f4a770bede2022-01-05 10:03:21.962root 11241100x80000000000000006961520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f8e3405490fea62022-01-05 10:03:21.962root 11241100x80000000000000006961521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ebf951750d94eb2022-01-05 10:03:21.962root 11241100x80000000000000006961522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfe48207f513f012022-01-05 10:03:21.962root 11241100x80000000000000006961523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69ed0f3e41a5c442022-01-05 10:03:21.962root 11241100x80000000000000006961524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c092261f72ea42412022-01-05 10:03:21.962root 11241100x80000000000000006961525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57346b4d17488b8b2022-01-05 10:03:21.962root 11241100x80000000000000006961526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e37acb2f2b0f242022-01-05 10:03:21.963root 11241100x80000000000000006961527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8a52bbce3fa5592022-01-05 10:03:21.963root 11241100x80000000000000006961528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79f46857efb7c142022-01-05 10:03:21.963root 11241100x80000000000000006961529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307878c3adbb0ccb2022-01-05 10:03:21.963root 11241100x80000000000000006961530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c00f2ed609419122022-01-05 10:03:21.963root 11241100x80000000000000006961531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57a339d3f2cd42f2022-01-05 10:03:21.963root 11241100x80000000000000006961532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9a20f75754ce392022-01-05 10:03:21.963root 11241100x80000000000000006961533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfab89922e5315572022-01-05 10:03:21.963root 11241100x80000000000000006961534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0cf45de66b06312022-01-05 10:03:21.963root 11241100x80000000000000006961535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131f14fa48f6ce8e2022-01-05 10:03:21.963root 11241100x80000000000000006961536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b75ac35c35736b52022-01-05 10:03:21.963root 11241100x80000000000000006961537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fb37594e46220f2022-01-05 10:03:21.963root 11241100x80000000000000006961538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00f912c71af1c502022-01-05 10:03:21.963root 11241100x80000000000000006961539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7ad7dfc99a328d2022-01-05 10:03:21.964root 11241100x80000000000000006961540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bd2671828c0b7f2022-01-05 10:03:21.964root 11241100x80000000000000006961541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948943555d82ed6a2022-01-05 10:03:21.964root 11241100x80000000000000006961542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3ec13b3606dd0c2022-01-05 10:03:21.964root 11241100x80000000000000006961543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3446702e199b84442022-01-05 10:03:21.964root 11241100x80000000000000006961544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a7deeb877935222022-01-05 10:03:21.964root 11241100x80000000000000006961545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7121a17f0f90282c2022-01-05 10:03:21.964root 11241100x80000000000000006961546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31723b8dfdfd03712022-01-05 10:03:21.964root 11241100x80000000000000006961547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdb7284336005982022-01-05 10:03:21.964root 11241100x80000000000000006961548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef731dbaceb54f572022-01-05 10:03:21.964root 11241100x80000000000000006961549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc486f6a167236c2022-01-05 10:03:21.964root 11241100x80000000000000006961550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f411d4cf8d1ffb552022-01-05 10:03:21.964root 11241100x80000000000000006961551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8367bb33c0ccf42022-01-05 10:03:21.964root 11241100x80000000000000006961552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:21.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d9d2dcb30f19342022-01-05 10:03:21.964root 11241100x80000000000000006961553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcb88bff9c23a9a2022-01-05 10:03:22.459root 11241100x80000000000000006961554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5db7b6b87d5f16c2022-01-05 10:03:22.459root 11241100x80000000000000006961555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef414a3b04ebee2c2022-01-05 10:03:22.459root 11241100x80000000000000006961556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e8bf41a14f630e2022-01-05 10:03:22.459root 11241100x80000000000000006961557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30fcb496b471c2b2022-01-05 10:03:22.459root 11241100x80000000000000006961558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70925395120a0efd2022-01-05 10:03:22.459root 11241100x80000000000000006961559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3431c72a0e10882022-01-05 10:03:22.459root 11241100x80000000000000006961560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f157d96d14ad312022-01-05 10:03:22.459root 11241100x80000000000000006961561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33eb8dcf688948b22022-01-05 10:03:22.459root 11241100x80000000000000006961562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c704cbf17b4a7652022-01-05 10:03:22.460root 11241100x80000000000000006961563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a9dfb5705c1d482022-01-05 10:03:22.460root 11241100x80000000000000006961564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c887e0546b1930af2022-01-05 10:03:22.460root 11241100x80000000000000006961565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad9d5800776b6c32022-01-05 10:03:22.460root 11241100x80000000000000006961566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede0666a15f22def2022-01-05 10:03:22.460root 11241100x80000000000000006961567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf655ea5914048782022-01-05 10:03:22.460root 11241100x80000000000000006961568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9438ecf8773c38432022-01-05 10:03:22.460root 11241100x80000000000000006961569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817a02e86e8c547f2022-01-05 10:03:22.460root 11241100x80000000000000006961570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe410c08656fd0c32022-01-05 10:03:22.460root 11241100x80000000000000006961571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07febee9e945cfe52022-01-05 10:03:22.460root 11241100x80000000000000006961572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497ae605092919c62022-01-05 10:03:22.460root 11241100x80000000000000006961573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caacb722043373352022-01-05 10:03:22.460root 11241100x80000000000000006961574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cff60658b30a452022-01-05 10:03:22.460root 11241100x80000000000000006961575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fadcc98cd8d2772022-01-05 10:03:22.460root 11241100x80000000000000006961576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae98a0c60c618d832022-01-05 10:03:22.461root 11241100x80000000000000006961577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809c39e4063a95242022-01-05 10:03:22.461root 11241100x80000000000000006961578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47ba90c24bbe0b52022-01-05 10:03:22.461root 11241100x80000000000000006961579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47b3bcf519862492022-01-05 10:03:22.461root 11241100x80000000000000006961580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fce0ad1bf4c11762022-01-05 10:03:22.461root 11241100x80000000000000006961581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2cd295075172a32022-01-05 10:03:22.461root 11241100x80000000000000006961582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23743514dea649562022-01-05 10:03:22.461root 11241100x80000000000000006961583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16960379482c3c6b2022-01-05 10:03:22.462root 11241100x80000000000000006961584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39d11aeb8803c312022-01-05 10:03:22.462root 11241100x80000000000000006961585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf540772a62c9792022-01-05 10:03:22.462root 11241100x80000000000000006961586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349aeb7b1f6abbaf2022-01-05 10:03:22.462root 11241100x80000000000000006961587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3b49d44abf14f92022-01-05 10:03:22.462root 11241100x80000000000000006961588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7995e2f67090ca612022-01-05 10:03:22.462root 11241100x80000000000000006961589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84542f7efa0865cf2022-01-05 10:03:22.462root 11241100x80000000000000006961590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f47a29ebdcf7392022-01-05 10:03:22.462root 11241100x80000000000000006961591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126c5f325d0ece032022-01-05 10:03:22.463root 11241100x80000000000000006961592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4667ceb5055884bf2022-01-05 10:03:22.463root 11241100x80000000000000006961593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1fca13f48815e42022-01-05 10:03:22.463root 11241100x80000000000000006961594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea09749d57b3a1952022-01-05 10:03:22.463root 11241100x80000000000000006961595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a021efce2966fc2022-01-05 10:03:22.463root 11241100x80000000000000006961596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932d1eb306c2d9202022-01-05 10:03:22.463root 11241100x80000000000000006961597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bd1abb2fc9144c2022-01-05 10:03:22.463root 11241100x80000000000000006961598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71be5ab821a3d5d2022-01-05 10:03:22.463root 11241100x80000000000000006961599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e9168e078377b42022-01-05 10:03:22.463root 11241100x80000000000000006961600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923a151811bf2db22022-01-05 10:03:22.463root 11241100x80000000000000006961601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d6a24b0548fba52022-01-05 10:03:22.464root 11241100x80000000000000006961602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fb4910254c2c3a2022-01-05 10:03:22.464root 11241100x80000000000000006961603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92973d26773958e2022-01-05 10:03:22.464root 11241100x80000000000000006961604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de630dfe80999c02022-01-05 10:03:22.464root 11241100x80000000000000006961605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eae98c2a01fc0e2022-01-05 10:03:22.464root 11241100x80000000000000006961606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdff5da4c2466532022-01-05 10:03:22.464root 11241100x80000000000000006961607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba01dc1ba950ad652022-01-05 10:03:22.464root 11241100x80000000000000006961608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd76b55da277dfae2022-01-05 10:03:22.464root 11241100x80000000000000006961609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae85b473614f6bc2022-01-05 10:03:22.465root 11241100x80000000000000006961610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54803724333591132022-01-05 10:03:22.465root 11241100x80000000000000006961611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb17e0dedb12f9482022-01-05 10:03:22.465root 11241100x80000000000000006961612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9299a5cfd948b2382022-01-05 10:03:22.465root 11241100x80000000000000006961613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98da7a5e968cc11b2022-01-05 10:03:22.465root 11241100x80000000000000006961614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40988d7cec50c5d22022-01-05 10:03:22.465root 11241100x80000000000000006961615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522402b64023ae662022-01-05 10:03:22.466root 11241100x80000000000000006961616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb96a8972377a932022-01-05 10:03:22.466root 11241100x80000000000000006961617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4e2f3926ccf12d2022-01-05 10:03:22.466root 11241100x80000000000000006961618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abdf4351279d3be2022-01-05 10:03:22.466root 11241100x80000000000000006961619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14199bf4df22042b2022-01-05 10:03:22.466root 11241100x80000000000000006961620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e16740526e456c2022-01-05 10:03:22.466root 11241100x80000000000000006961621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c9e0adfc21ebcc2022-01-05 10:03:22.466root 11241100x80000000000000006961622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f82bc27057539e12022-01-05 10:03:22.466root 11241100x80000000000000006961623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c088054f16d901282022-01-05 10:03:22.467root 11241100x80000000000000006961624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b7c86f19385ead2022-01-05 10:03:22.467root 11241100x80000000000000006961625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d86ae0b1e814b12022-01-05 10:03:22.467root 11241100x80000000000000006961626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6da9b42d23b3af2022-01-05 10:03:22.467root 11241100x80000000000000006961627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7409d3cb5030872022-01-05 10:03:22.467root 11241100x80000000000000006961628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53a451a356f76db2022-01-05 10:03:22.467root 11241100x80000000000000006961629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fcc6a4972fdcd32022-01-05 10:03:22.467root 11241100x80000000000000006961630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8147fc4a4512f60f2022-01-05 10:03:22.467root 11241100x80000000000000006961631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e839a2cd2e69ce2022-01-05 10:03:22.467root 11241100x80000000000000006961632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292f6f28eaea39fa2022-01-05 10:03:22.467root 11241100x80000000000000006961633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7755cc20482180cd2022-01-05 10:03:22.468root 11241100x80000000000000006961634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375c6127bfdbb9a02022-01-05 10:03:22.468root 11241100x80000000000000006961635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb6f17664d228272022-01-05 10:03:22.468root 11241100x80000000000000006961636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b143e0a6dc51a92022-01-05 10:03:22.468root 11241100x80000000000000006961637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90148990f06b505b2022-01-05 10:03:22.468root 11241100x80000000000000006961638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f65000bad2354082022-01-05 10:03:22.468root 11241100x80000000000000006961639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1aad430cd7c042a2022-01-05 10:03:22.468root 11241100x80000000000000006961640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397ac51a0eb63b162022-01-05 10:03:22.469root 11241100x80000000000000006961641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45214a2cc65433ad2022-01-05 10:03:22.469root 11241100x80000000000000006961642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef7d494ddf6d6992022-01-05 10:03:22.469root 11241100x80000000000000006961643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591c2dcf31290dda2022-01-05 10:03:22.469root 11241100x80000000000000006961644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91c39f23fdf61bc2022-01-05 10:03:22.469root 11241100x80000000000000006961645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a20e182c63056b72022-01-05 10:03:22.469root 11241100x80000000000000006961646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d49c85a29d44842022-01-05 10:03:22.469root 11241100x80000000000000006961647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6c0333599d9fd42022-01-05 10:03:22.469root 11241100x80000000000000006961648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a8d7f89ebb357f2022-01-05 10:03:22.469root 11241100x80000000000000006961649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a320fe914a616bd2022-01-05 10:03:22.960root 11241100x80000000000000006961650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f899b299eb143b2022-01-05 10:03:22.960root 11241100x80000000000000006961651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c93033fd2960bd2022-01-05 10:03:22.960root 11241100x80000000000000006961652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73092b4c5e0fe6192022-01-05 10:03:22.960root 11241100x80000000000000006961653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33803573edb16a4c2022-01-05 10:03:22.960root 11241100x80000000000000006961654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0e0ffeb718a8da2022-01-05 10:03:22.961root 11241100x80000000000000006961655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578bb824031b16f32022-01-05 10:03:22.961root 11241100x80000000000000006961656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673ac1f511b91e7a2022-01-05 10:03:22.961root 11241100x80000000000000006961657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11633b82953a7812022-01-05 10:03:22.961root 11241100x80000000000000006961658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40acad0f57182da2022-01-05 10:03:22.961root 11241100x80000000000000006961659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e166e912f9ce67e2022-01-05 10:03:22.961root 11241100x80000000000000006961660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250bf875165fe07f2022-01-05 10:03:22.961root 11241100x80000000000000006961661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb1700a693705022022-01-05 10:03:22.961root 11241100x80000000000000006961662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a11ee93e4e104b12022-01-05 10:03:22.962root 11241100x80000000000000006961663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9f63c3b1e554492022-01-05 10:03:22.962root 11241100x80000000000000006961664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a50a6c221a9fa82022-01-05 10:03:22.962root 11241100x80000000000000006961665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0495cc7ed37d9dc42022-01-05 10:03:22.962root 11241100x80000000000000006961666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9002e869ad4cfe5b2022-01-05 10:03:22.962root 11241100x80000000000000006961667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dfa27500a5e2a32022-01-05 10:03:22.962root 11241100x80000000000000006961668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc118df953787eb2022-01-05 10:03:22.962root 11241100x80000000000000006961669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a583497197c508e22022-01-05 10:03:22.962root 11241100x80000000000000006961670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8546af431ae7d32022-01-05 10:03:22.962root 11241100x80000000000000006961671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e04440eb62060ff2022-01-05 10:03:22.963root 11241100x80000000000000006961672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a56b5d7910dbc0a2022-01-05 10:03:22.963root 11241100x80000000000000006961673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102f6f814ed056b52022-01-05 10:03:22.963root 11241100x80000000000000006961674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365fc1f62b2d8f522022-01-05 10:03:22.963root 11241100x80000000000000006961675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703c1e9d9a72805a2022-01-05 10:03:22.963root 11241100x80000000000000006961676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a5743fd84815642022-01-05 10:03:22.963root 11241100x80000000000000006961677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed930555a3843eb42022-01-05 10:03:22.963root 11241100x80000000000000006961678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1625338d0e144d712022-01-05 10:03:22.963root 11241100x80000000000000006961679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26551f6eb4e15a22022-01-05 10:03:22.963root 354300x80000000000000006961680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.251{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41730-false10.0.1.12-8000- 11241100x80000000000000006961681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed539bad8cd42a62022-01-05 10:03:23.253root 11241100x80000000000000006961682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c50eb572d9fa962022-01-05 10:03:23.253root 11241100x80000000000000006961683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ab90dfc17fb84b2022-01-05 10:03:23.253root 11241100x80000000000000006961684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0691670cc917641c2022-01-05 10:03:23.253root 11241100x80000000000000006961685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa4015909d5c1882022-01-05 10:03:23.253root 11241100x80000000000000006961686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1f488bf3b091452022-01-05 10:03:23.253root 11241100x80000000000000006961687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb32276f09225f62022-01-05 10:03:23.253root 11241100x80000000000000006961688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80da4a5465e006d2022-01-05 10:03:23.253root 11241100x80000000000000006961689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9defb7875fde682022-01-05 10:03:23.253root 11241100x80000000000000006961690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369f6edb5043d27a2022-01-05 10:03:23.253root 11241100x80000000000000006961691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6def9e9896e0b16c2022-01-05 10:03:23.253root 11241100x80000000000000006961692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccd7401189515862022-01-05 10:03:23.253root 11241100x80000000000000006961693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85021aa21be7f0e2022-01-05 10:03:23.254root 11241100x80000000000000006961694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6d3e3b6d1f26cf2022-01-05 10:03:23.254root 11241100x80000000000000006961695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261e039eae7d7a0f2022-01-05 10:03:23.254root 11241100x80000000000000006961696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273309cc400d1bd12022-01-05 10:03:23.254root 11241100x80000000000000006961697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adb191e9285117c2022-01-05 10:03:23.254root 11241100x80000000000000006961698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd198efbf685af22022-01-05 10:03:23.254root 11241100x80000000000000006961699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d535bb5302416f72022-01-05 10:03:23.254root 11241100x80000000000000006961700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cc95da0f574b352022-01-05 10:03:23.254root 11241100x80000000000000006961701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad3c6b5f94046852022-01-05 10:03:23.254root 11241100x80000000000000006961702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dd7cbcc3c1015c2022-01-05 10:03:23.254root 11241100x80000000000000006961703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99eb15a1a2c3b2a2022-01-05 10:03:23.254root 11241100x80000000000000006961704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545390f3b1aa04242022-01-05 10:03:23.254root 11241100x80000000000000006961705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f6f712b6c079d82022-01-05 10:03:23.254root 11241100x80000000000000006961706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14383c97c15d6eb2022-01-05 10:03:23.254root 11241100x80000000000000006961707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60d0f4391cb6c3b2022-01-05 10:03:23.254root 11241100x80000000000000006961708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4b55f2beb1c8072022-01-05 10:03:23.254root 11241100x80000000000000006961709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616a2864bf005bca2022-01-05 10:03:23.255root 11241100x80000000000000006961710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e515c09ad6f35a2022-01-05 10:03:23.255root 11241100x80000000000000006961711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11df0e213812d3ae2022-01-05 10:03:23.255root 11241100x80000000000000006961712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7d139fd60491502022-01-05 10:03:23.255root 11241100x80000000000000006961713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd44e6734615d4192022-01-05 10:03:23.255root 11241100x80000000000000006961714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c8d82f61b612dd2022-01-05 10:03:23.255root 11241100x80000000000000006961715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f54277c132857652022-01-05 10:03:23.255root 11241100x80000000000000006961716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f580950e30115f12022-01-05 10:03:23.255root 11241100x80000000000000006961717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f157a6174de25c52022-01-05 10:03:23.255root 11241100x80000000000000006961718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2ef2b12c0895f62022-01-05 10:03:23.255root 11241100x80000000000000006961719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da36231c0ad6cc6e2022-01-05 10:03:23.256root 11241100x80000000000000006961720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cd2cfe15ac6cf52022-01-05 10:03:23.256root 11241100x80000000000000006961721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57e7cb49144abf12022-01-05 10:03:23.256root 11241100x80000000000000006961722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378fa64b7d24e0212022-01-05 10:03:23.256root 11241100x80000000000000006961723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b992d15509870f2022-01-05 10:03:23.256root 11241100x80000000000000006961724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235c09604d1e00d42022-01-05 10:03:23.710root 11241100x80000000000000006961725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c956054f02cd59eb2022-01-05 10:03:23.710root 11241100x80000000000000006961726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e524212f5b22c5fd2022-01-05 10:03:23.710root 11241100x80000000000000006961727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906798394fc93ecb2022-01-05 10:03:23.710root 11241100x80000000000000006961728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f40c9a9567af9382022-01-05 10:03:23.711root 11241100x80000000000000006961729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada9c5b2620c2f582022-01-05 10:03:23.711root 11241100x80000000000000006961730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2a19348c4566182022-01-05 10:03:23.711root 11241100x80000000000000006961731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63539a2927e073bf2022-01-05 10:03:23.711root 11241100x80000000000000006961732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fc12709b2703c52022-01-05 10:03:23.712root 11241100x80000000000000006961733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b0b6b093fa67f32022-01-05 10:03:23.712root 11241100x80000000000000006961734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b6160a358a6ca62022-01-05 10:03:23.712root 11241100x80000000000000006961735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f06213418ef6912022-01-05 10:03:23.712root 11241100x80000000000000006961736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6209f4e2f5cec852022-01-05 10:03:23.713root 11241100x80000000000000006961737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e489d4e04a2c0582022-01-05 10:03:23.713root 11241100x80000000000000006961738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa714be6b5da8e652022-01-05 10:03:23.713root 11241100x80000000000000006961739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0bca90cae29fc92022-01-05 10:03:23.714root 11241100x80000000000000006961740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10352cf9f77ea93d2022-01-05 10:03:23.714root 11241100x80000000000000006961741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6aa352f5eb875c2022-01-05 10:03:23.714root 11241100x80000000000000006961742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef4510e09cf09312022-01-05 10:03:23.714root 11241100x80000000000000006961743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc55a4515d3ae8372022-01-05 10:03:23.714root 11241100x80000000000000006961744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767dbec8270b4cff2022-01-05 10:03:23.714root 11241100x80000000000000006961745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5368af7422d142f22022-01-05 10:03:23.714root 11241100x80000000000000006961746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be71c2bcf79ef02f2022-01-05 10:03:23.714root 11241100x80000000000000006961747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8b72f8d03180472022-01-05 10:03:23.714root 11241100x80000000000000006961748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82d58a1e5af38162022-01-05 10:03:23.715root 11241100x80000000000000006961749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7733429893bf738f2022-01-05 10:03:23.715root 11241100x80000000000000006961750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e7dc04cf715ff92022-01-05 10:03:23.715root 11241100x80000000000000006961751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d3e6d2ef8467ed2022-01-05 10:03:23.715root 11241100x80000000000000006961752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb1231f6765e31b2022-01-05 10:03:23.717root 11241100x80000000000000006961753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b88dacdf48dd2d2022-01-05 10:03:23.717root 11241100x80000000000000006961754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97667fa8d89877f2022-01-05 10:03:23.717root 11241100x80000000000000006961755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:23.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce43075c4539ff562022-01-05 10:03:23.717root 11241100x80000000000000006961756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad2279c4661f7872022-01-05 10:03:24.210root 11241100x80000000000000006961757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993f98225b68adb82022-01-05 10:03:24.210root 11241100x80000000000000006961758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecd4f0c055e071a2022-01-05 10:03:24.210root 11241100x80000000000000006961759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea3e1f62a2a8b292022-01-05 10:03:24.210root 11241100x80000000000000006961760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7171ca8a76e7b3272022-01-05 10:03:24.211root 11241100x80000000000000006961761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1420dc74198b52a82022-01-05 10:03:24.211root 11241100x80000000000000006961762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb34bf3325eecb5a2022-01-05 10:03:24.211root 11241100x80000000000000006961763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384b560a814ea9172022-01-05 10:03:24.211root 11241100x80000000000000006961764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad4577493c778392022-01-05 10:03:24.211root 11241100x80000000000000006961765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b50bac9bdaba482022-01-05 10:03:24.211root 11241100x80000000000000006961766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6a1c6563ec886d2022-01-05 10:03:24.211root 11241100x80000000000000006961767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7d653015215b3a2022-01-05 10:03:24.211root 11241100x80000000000000006961768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86556b6920aa671d2022-01-05 10:03:24.211root 11241100x80000000000000006961769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e758b1acae69c22022-01-05 10:03:24.211root 11241100x80000000000000006961770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed0abc146d169012022-01-05 10:03:24.211root 11241100x80000000000000006961771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929e812e5f8356382022-01-05 10:03:24.211root 11241100x80000000000000006961772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7474129b36c5d9012022-01-05 10:03:24.212root 11241100x80000000000000006961773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aba6b3fa0e94c9a2022-01-05 10:03:24.212root 11241100x80000000000000006961774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b84855c07c17da2022-01-05 10:03:24.212root 11241100x80000000000000006961775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07434656aaae5b052022-01-05 10:03:24.212root 11241100x80000000000000006961776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbaacfaa548f07f22022-01-05 10:03:24.212root 11241100x80000000000000006961777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf40bfb40a3c24572022-01-05 10:03:24.212root 11241100x80000000000000006961778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91021310854e81c22022-01-05 10:03:24.212root 11241100x80000000000000006961779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eef5c25408006572022-01-05 10:03:24.212root 11241100x80000000000000006961780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d6d71b01a7480d2022-01-05 10:03:24.212root 11241100x80000000000000006961781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6259b3cca18755822022-01-05 10:03:24.212root 11241100x80000000000000006961782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61abaebd970eee72022-01-05 10:03:24.212root 11241100x80000000000000006961783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1029cc79eb3c6f0d2022-01-05 10:03:24.212root 11241100x80000000000000006961784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa27bb9c3b59e7502022-01-05 10:03:24.212root 11241100x80000000000000006961785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d52b78b7e7ddde2022-01-05 10:03:24.212root 11241100x80000000000000006961786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1928c21250c519ac2022-01-05 10:03:24.213root 11241100x80000000000000006961787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4085a8ed27b8f6e42022-01-05 10:03:24.213root 11241100x80000000000000006961788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa55f4975ee39582022-01-05 10:03:24.710root 11241100x80000000000000006961789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c2960e87611cd22022-01-05 10:03:24.710root 11241100x80000000000000006961790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee3b5a409d0c1f42022-01-05 10:03:24.710root 11241100x80000000000000006961791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e31551633bb4c92022-01-05 10:03:24.710root 11241100x80000000000000006961792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1626190ae5af8d2022-01-05 10:03:24.711root 11241100x80000000000000006961793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b2e32511f64d192022-01-05 10:03:24.711root 11241100x80000000000000006961794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950104bfea97c2ac2022-01-05 10:03:24.711root 11241100x80000000000000006961795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8e5bf0668727162022-01-05 10:03:24.711root 11241100x80000000000000006961796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c970952a8e367d72022-01-05 10:03:24.711root 11241100x80000000000000006961797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29883e218ef51e72022-01-05 10:03:24.711root 11241100x80000000000000006961798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c812e40f2c7dac962022-01-05 10:03:24.712root 11241100x80000000000000006961799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c9991fa18bfa8e2022-01-05 10:03:24.712root 11241100x80000000000000006961800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cb6ebc739dde4d2022-01-05 10:03:24.712root 11241100x80000000000000006961801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0874dfa26d90a8052022-01-05 10:03:24.712root 11241100x80000000000000006961802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617bd42678dfe7902022-01-05 10:03:24.712root 11241100x80000000000000006961803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a6667976e9669d2022-01-05 10:03:24.712root 11241100x80000000000000006961804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5675ffe15c08dfec2022-01-05 10:03:24.714root 11241100x80000000000000006961805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdf3ba6adda891b2022-01-05 10:03:24.714root 11241100x80000000000000006961806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5913bc227f04022022-01-05 10:03:24.714root 11241100x80000000000000006961807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31ba9e6de2585092022-01-05 10:03:24.714root 11241100x80000000000000006961808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727273da3d88348e2022-01-05 10:03:24.714root 11241100x80000000000000006961809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc31864f5cbbed752022-01-05 10:03:24.715root 11241100x80000000000000006961810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89d8edd25d61d732022-01-05 10:03:24.715root 11241100x80000000000000006961811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecdcfc181a980a92022-01-05 10:03:24.715root 11241100x80000000000000006961812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d4882ddac1aac32022-01-05 10:03:24.715root 11241100x80000000000000006961813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b426a555fc8a3f52022-01-05 10:03:24.716root 11241100x80000000000000006961814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f6d6fdbf9da5032022-01-05 10:03:24.716root 11241100x80000000000000006961815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92adede405edf2622022-01-05 10:03:24.716root 11241100x80000000000000006961816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46bc8dda11888c22022-01-05 10:03:24.716root 11241100x80000000000000006961817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b95599440a632ab2022-01-05 10:03:24.716root 11241100x80000000000000006961818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b913c711e112f5b62022-01-05 10:03:24.717root 11241100x80000000000000006961819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:24.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b7b73549b74bf42022-01-05 10:03:24.717root 11241100x80000000000000006961820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5677d637413a5c002022-01-05 10:03:25.210root 11241100x80000000000000006961821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355fe2f76f93900c2022-01-05 10:03:25.211root 11241100x80000000000000006961822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2388dca55c3b122022-01-05 10:03:25.211root 11241100x80000000000000006961823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c43264e3456a0272022-01-05 10:03:25.211root 11241100x80000000000000006961824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4970cf770acaa2dc2022-01-05 10:03:25.211root 11241100x80000000000000006961825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83f8218ef4de5682022-01-05 10:03:25.211root 11241100x80000000000000006961826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad04addea13f8faa2022-01-05 10:03:25.211root 11241100x80000000000000006961827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016bba80f49aa6a62022-01-05 10:03:25.211root 11241100x80000000000000006961828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fe762136f7fad02022-01-05 10:03:25.212root 11241100x80000000000000006961829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1a2e00f7b571602022-01-05 10:03:25.212root 11241100x80000000000000006961830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09132fda95f221682022-01-05 10:03:25.212root 11241100x80000000000000006961831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5225ea40c96b1c52022-01-05 10:03:25.212root 11241100x80000000000000006961832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e7ea77631807e42022-01-05 10:03:25.212root 11241100x80000000000000006961833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa49bf7d1b623b92022-01-05 10:03:25.212root 11241100x80000000000000006961834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f0f796a1e25c742022-01-05 10:03:25.212root 11241100x80000000000000006961835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2400b65d1fee90a62022-01-05 10:03:25.212root 11241100x80000000000000006961836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a5bb150b288ebf2022-01-05 10:03:25.213root 11241100x80000000000000006961837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdfe3b8e114e1732022-01-05 10:03:25.213root 11241100x80000000000000006961838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30e501a76a247d52022-01-05 10:03:25.213root 11241100x80000000000000006961839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a34acb2ab1a63782022-01-05 10:03:25.213root 11241100x80000000000000006961840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34afa0bc83b56bb02022-01-05 10:03:25.213root 11241100x80000000000000006961841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f433317d8bee21f2022-01-05 10:03:25.213root 11241100x80000000000000006961842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b78e9a2338c0f912022-01-05 10:03:25.213root 11241100x80000000000000006961843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df6517df29e8d972022-01-05 10:03:25.213root 11241100x80000000000000006961844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14be067267d47ba12022-01-05 10:03:25.213root 11241100x80000000000000006961845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67289cfbc1dc0eca2022-01-05 10:03:25.213root 11241100x80000000000000006961846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f28c2d358ce6f872022-01-05 10:03:25.213root 11241100x80000000000000006961847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9822248ff1ebdacb2022-01-05 10:03:25.213root 11241100x80000000000000006961848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e4eda885b1d5722022-01-05 10:03:25.214root 11241100x80000000000000006961849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6388b02d84b87c972022-01-05 10:03:25.214root 11241100x80000000000000006961850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b57e521efd201862022-01-05 10:03:25.214root 11241100x80000000000000006961851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059f67f17bd453db2022-01-05 10:03:25.214root 11241100x80000000000000006961852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4a5a4e904c34072022-01-05 10:03:25.710root 11241100x80000000000000006961853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490524e75c062f402022-01-05 10:03:25.711root 11241100x80000000000000006961854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c70c23ab3261fd42022-01-05 10:03:25.712root 11241100x80000000000000006961855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d920277031b4eef2022-01-05 10:03:25.712root 11241100x80000000000000006961856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83392995c12e6a072022-01-05 10:03:25.712root 11241100x80000000000000006961857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e61adffa80dfdfa2022-01-05 10:03:25.712root 11241100x80000000000000006961858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fc9b6cd12048ba2022-01-05 10:03:25.712root 11241100x80000000000000006961859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385086bd752958182022-01-05 10:03:25.712root 11241100x80000000000000006961860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f01b22afd9d364a2022-01-05 10:03:25.712root 11241100x80000000000000006961861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97132cfe701f5c1d2022-01-05 10:03:25.712root 11241100x80000000000000006961862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cec8577f39df932022-01-05 10:03:25.712root 11241100x80000000000000006961863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4993a888b9c6ecab2022-01-05 10:03:25.712root 11241100x80000000000000006961864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e10902151a3107f2022-01-05 10:03:25.712root 11241100x80000000000000006961865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b70bb9b64c509852022-01-05 10:03:25.713root 11241100x80000000000000006961866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677835575da8a5782022-01-05 10:03:25.713root 11241100x80000000000000006961867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aad2e6a6f8c4e032022-01-05 10:03:25.713root 11241100x80000000000000006961868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d4dafe5a08e41f2022-01-05 10:03:25.713root 11241100x80000000000000006961869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c83b85b62431a92022-01-05 10:03:25.713root 11241100x80000000000000006961870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423b3dd3c75829482022-01-05 10:03:25.713root 11241100x80000000000000006961871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87ac0b696c95e0a2022-01-05 10:03:25.713root 11241100x80000000000000006961872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b1e41f677acdee2022-01-05 10:03:25.713root 11241100x80000000000000006961873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4121804203269b6f2022-01-05 10:03:25.713root 11241100x80000000000000006961874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b9f2feea16098f2022-01-05 10:03:25.713root 11241100x80000000000000006961875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e038cae39a2610052022-01-05 10:03:25.713root 11241100x80000000000000006961876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632ffd3c9b0c720e2022-01-05 10:03:25.713root 11241100x80000000000000006961877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a283a0db8464f92022-01-05 10:03:25.713root 11241100x80000000000000006961878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edab69e8d554f6282022-01-05 10:03:25.713root 11241100x80000000000000006961879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ca9fc9d7aed2462022-01-05 10:03:25.714root 11241100x80000000000000006961880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f91659ffb0f3db2022-01-05 10:03:25.714root 11241100x80000000000000006961881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af08f315a4d992d32022-01-05 10:03:25.714root 11241100x80000000000000006961882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844d837282867a6b2022-01-05 10:03:25.714root 11241100x80000000000000006961883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:25.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54681cbf9d4aa01f2022-01-05 10:03:25.714root 11241100x80000000000000006961884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1bd5ea9e61a4402022-01-05 10:03:26.210root 11241100x80000000000000006961885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9334508ce4223e2022-01-05 10:03:26.210root 11241100x80000000000000006961886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19703f749f206cb22022-01-05 10:03:26.210root 11241100x80000000000000006961887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7f7627780cff152022-01-05 10:03:26.210root 11241100x80000000000000006961888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bdefc955f8ae152022-01-05 10:03:26.210root 11241100x80000000000000006961889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c378a4951a88629e2022-01-05 10:03:26.211root 11241100x80000000000000006961890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668cce65215067cb2022-01-05 10:03:26.211root 11241100x80000000000000006961891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a56acda44d37d262022-01-05 10:03:26.211root 11241100x80000000000000006961892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6ce517bb63b9802022-01-05 10:03:26.211root 11241100x80000000000000006961893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8f1013caa48ae22022-01-05 10:03:26.211root 11241100x80000000000000006961894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0df6363f9154cd2022-01-05 10:03:26.211root 11241100x80000000000000006961895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9390e769a532e1ce2022-01-05 10:03:26.211root 11241100x80000000000000006961896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73d346d832815852022-01-05 10:03:26.211root 11241100x80000000000000006961897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1d583636e8a6932022-01-05 10:03:26.211root 11241100x80000000000000006961898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d20cb6fd4b535c2022-01-05 10:03:26.211root 11241100x80000000000000006961899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4059150d7be52ec02022-01-05 10:03:26.211root 11241100x80000000000000006961900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a624aff9e3832c82022-01-05 10:03:26.211root 11241100x80000000000000006961901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e2c9f5777ab5a52022-01-05 10:03:26.211root 11241100x80000000000000006961902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896d8c2a3b6561742022-01-05 10:03:26.212root 11241100x80000000000000006961903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b13f76c26f364462022-01-05 10:03:26.212root 11241100x80000000000000006961904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed81376f15a784f12022-01-05 10:03:26.212root 11241100x80000000000000006961905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6ed0f1729192d42022-01-05 10:03:26.212root 11241100x80000000000000006961906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402e83c4e633d5532022-01-05 10:03:26.212root 11241100x80000000000000006961907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fc690ad4047ae42022-01-05 10:03:26.212root 11241100x80000000000000006961908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1fbad50fbded062022-01-05 10:03:26.212root 11241100x80000000000000006961909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35779c9826ee0e72022-01-05 10:03:26.212root 11241100x80000000000000006961910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56b737a1bd6e3012022-01-05 10:03:26.212root 11241100x80000000000000006961911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dc8f0867fadc302022-01-05 10:03:26.212root 11241100x80000000000000006961912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68346cfb6b21bfdf2022-01-05 10:03:26.212root 11241100x80000000000000006961913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c891f59622a860712022-01-05 10:03:26.212root 11241100x80000000000000006961914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd0bd0b0aa56d132022-01-05 10:03:26.212root 11241100x80000000000000006961915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62b9b770a7b1ad22022-01-05 10:03:26.212root 11241100x80000000000000006961916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d4cf4507631a232022-01-05 10:03:26.710root 11241100x80000000000000006961917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68016abaa04e97222022-01-05 10:03:26.710root 11241100x80000000000000006961918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcd5701334972dc2022-01-05 10:03:26.711root 11241100x80000000000000006961919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b81dbb0c6ab7182022-01-05 10:03:26.711root 11241100x80000000000000006961920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fc96784699bf3c2022-01-05 10:03:26.711root 11241100x80000000000000006961921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedc703baa1c06682022-01-05 10:03:26.711root 11241100x80000000000000006961922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348e8e6485fecdfb2022-01-05 10:03:26.711root 11241100x80000000000000006961923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899ac9d32467137d2022-01-05 10:03:26.711root 11241100x80000000000000006961924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd063d86cb71212f2022-01-05 10:03:26.711root 11241100x80000000000000006961925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2916b9d82e830ee2022-01-05 10:03:26.711root 11241100x80000000000000006961926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029b622787d904bf2022-01-05 10:03:26.711root 11241100x80000000000000006961927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd5f4442417b28d2022-01-05 10:03:26.711root 11241100x80000000000000006961928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6147ffd8166cc9da2022-01-05 10:03:26.711root 11241100x80000000000000006961929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818e1a41bbfbbdca2022-01-05 10:03:26.711root 11241100x80000000000000006961930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd2ffb924f84e2d2022-01-05 10:03:26.712root 11241100x80000000000000006961931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e754b49361b589e2022-01-05 10:03:26.712root 11241100x80000000000000006961932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e420a05c3c4bf042022-01-05 10:03:26.712root 11241100x80000000000000006961933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577ad8f45518e4882022-01-05 10:03:26.712root 11241100x80000000000000006961934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28773b481adba802022-01-05 10:03:26.712root 11241100x80000000000000006961935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d06143a8b67a81d2022-01-05 10:03:26.712root 11241100x80000000000000006961936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8ac117e35bb4ca2022-01-05 10:03:26.712root 11241100x80000000000000006961937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f04ee7e44384bed2022-01-05 10:03:26.712root 11241100x80000000000000006961938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5badead8e41f97a92022-01-05 10:03:26.712root 11241100x80000000000000006961939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bf954deed703452022-01-05 10:03:26.712root 11241100x80000000000000006961940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7011f49a61e550eb2022-01-05 10:03:26.712root 11241100x80000000000000006961941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7118925a9ec432f92022-01-05 10:03:26.712root 11241100x80000000000000006961942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b13176210090d42022-01-05 10:03:26.712root 11241100x80000000000000006961943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804448f8e7c014902022-01-05 10:03:26.712root 11241100x80000000000000006961944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbbfd10469be5822022-01-05 10:03:26.713root 11241100x80000000000000006961945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54859709dd21431f2022-01-05 10:03:26.714root 11241100x80000000000000006961946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4705bae11cc5d02022-01-05 10:03:26.714root 11241100x80000000000000006961947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:26.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6908c2eb02b07c22022-01-05 10:03:26.714root 11241100x80000000000000006961948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a92cb53775737612022-01-05 10:03:27.210root 11241100x80000000000000006961949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13baa2f6c5eb58992022-01-05 10:03:27.210root 11241100x80000000000000006961950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b8891879e5b7952022-01-05 10:03:27.210root 11241100x80000000000000006961951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b74f8bd099cfd82022-01-05 10:03:27.210root 11241100x80000000000000006961952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037ab63a4095cbda2022-01-05 10:03:27.211root 11241100x80000000000000006961953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5f0b12427873142022-01-05 10:03:27.211root 11241100x80000000000000006961954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39946454b433930a2022-01-05 10:03:27.211root 11241100x80000000000000006961955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbb31189338b7b72022-01-05 10:03:27.211root 11241100x80000000000000006961956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f195b078d6c8bdda2022-01-05 10:03:27.211root 11241100x80000000000000006961957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c62dbd63203cc8f2022-01-05 10:03:27.211root 11241100x80000000000000006961958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4792143afefa66322022-01-05 10:03:27.212root 11241100x80000000000000006961959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc14bac208459a72022-01-05 10:03:27.212root 11241100x80000000000000006961960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae10e19bc4102e312022-01-05 10:03:27.212root 11241100x80000000000000006961961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dbf3e9c7916d882022-01-05 10:03:27.212root 11241100x80000000000000006961962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438528501b86e9722022-01-05 10:03:27.212root 11241100x80000000000000006961963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd05bdea2fca6172022-01-05 10:03:27.212root 11241100x80000000000000006961964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e66f5662ec2fdbe2022-01-05 10:03:27.212root 11241100x80000000000000006961965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945c17320c5c9d8b2022-01-05 10:03:27.212root 11241100x80000000000000006961966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c41ae703faf177b2022-01-05 10:03:27.212root 11241100x80000000000000006961967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1302bd1fe6e18382022-01-05 10:03:27.213root 11241100x80000000000000006961968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b00005680c79522022-01-05 10:03:27.213root 11241100x80000000000000006961969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31f48572aab79312022-01-05 10:03:27.213root 11241100x80000000000000006961970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f2930b8888b43d2022-01-05 10:03:27.213root 11241100x80000000000000006961971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0318df076ab462e2022-01-05 10:03:27.213root 11241100x80000000000000006961972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec355873c9e753d2022-01-05 10:03:27.213root 11241100x80000000000000006961973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecf3d52ac3d6c1c2022-01-05 10:03:27.213root 11241100x80000000000000006961974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaf733d70caf7f82022-01-05 10:03:27.214root 11241100x80000000000000006961975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dd40fe6314ff512022-01-05 10:03:27.214root 11241100x80000000000000006961976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea588d8c6c1424e2022-01-05 10:03:27.214root 11241100x80000000000000006961977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3cc6793905fd152022-01-05 10:03:27.214root 11241100x80000000000000006961978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abff7830739f1752022-01-05 10:03:27.214root 11241100x80000000000000006961979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2c181f673807412022-01-05 10:03:27.214root 11241100x80000000000000006961980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9f765c62bef7ad2022-01-05 10:03:27.711root 11241100x80000000000000006961981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f50fd87a98c5c72022-01-05 10:03:27.711root 11241100x80000000000000006961982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2510d88939f85b932022-01-05 10:03:27.711root 11241100x80000000000000006961983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14e5316f967124b2022-01-05 10:03:27.711root 11241100x80000000000000006961984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2503fc35314e2af32022-01-05 10:03:27.711root 11241100x80000000000000006961985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7660eb6d3db2212022-01-05 10:03:27.711root 11241100x80000000000000006961986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d1d81d696b4cee2022-01-05 10:03:27.711root 11241100x80000000000000006961987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196b698f3a2c85132022-01-05 10:03:27.711root 11241100x80000000000000006961988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267b0921c5dd6b6a2022-01-05 10:03:27.712root 11241100x80000000000000006961989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f12ea2144a94d92022-01-05 10:03:27.712root 11241100x80000000000000006961990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a9ad556feadde92022-01-05 10:03:27.712root 11241100x80000000000000006961991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d0a9b6395e1f122022-01-05 10:03:27.712root 11241100x80000000000000006961992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887309b8088a892b2022-01-05 10:03:27.713root 11241100x80000000000000006961993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917f0c9d4af99cfa2022-01-05 10:03:27.713root 11241100x80000000000000006961994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a093975b564984512022-01-05 10:03:27.714root 11241100x80000000000000006961995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d1d1b42e062add2022-01-05 10:03:27.714root 11241100x80000000000000006961996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036e6b55a20148102022-01-05 10:03:27.714root 11241100x80000000000000006961997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01eaf44b95367fd72022-01-05 10:03:27.714root 11241100x80000000000000006961998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e079d090d95c002022-01-05 10:03:27.714root 11241100x80000000000000006961999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e2fc3cabc08d1c2022-01-05 10:03:27.714root 11241100x80000000000000006962000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8daf2f180bb9f292022-01-05 10:03:27.714root 11241100x80000000000000006962001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2a72a7594f477d2022-01-05 10:03:27.714root 11241100x80000000000000006962002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dde9f03df8d8ba52022-01-05 10:03:27.715root 11241100x80000000000000006962003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79adca941c53ec52022-01-05 10:03:27.715root 11241100x80000000000000006962004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c641449cf99db1632022-01-05 10:03:27.715root 11241100x80000000000000006962005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633ae56731d627442022-01-05 10:03:27.715root 11241100x80000000000000006962006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69370e88065d71e2022-01-05 10:03:27.715root 11241100x80000000000000006962007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789c4aadc45bc2b62022-01-05 10:03:27.715root 11241100x80000000000000006962008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae9e0d1a3ec39f82022-01-05 10:03:27.715root 11241100x80000000000000006962009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d78fa7a3b870ad2022-01-05 10:03:27.715root 11241100x80000000000000006962010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e2d9d8a63624912022-01-05 10:03:27.719root 11241100x80000000000000006962011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:27.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2790d5d575f8e26c2022-01-05 10:03:27.719root 11241100x80000000000000006962012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdb0ad998b95b192022-01-05 10:03:28.210root 11241100x80000000000000006962013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0020b36dedffc52022-01-05 10:03:28.210root 11241100x80000000000000006962014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41bd36fbb5a79172022-01-05 10:03:28.210root 11241100x80000000000000006962015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6aedc059d210b72022-01-05 10:03:28.211root 11241100x80000000000000006962016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2857fad0ad378da12022-01-05 10:03:28.211root 11241100x80000000000000006962017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1884af5e7a7818032022-01-05 10:03:28.211root 11241100x80000000000000006962018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e96bd469e4443852022-01-05 10:03:28.211root 11241100x80000000000000006962019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be4fa413c8a0dc72022-01-05 10:03:28.211root 11241100x80000000000000006962020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14f2c6e2005d3812022-01-05 10:03:28.211root 11241100x80000000000000006962021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714596f97ed06c822022-01-05 10:03:28.211root 11241100x80000000000000006962022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95405b20a6b6fe512022-01-05 10:03:28.211root 11241100x80000000000000006962023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3059d2db7118ec352022-01-05 10:03:28.211root 11241100x80000000000000006962024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4261ea5b3916aa52022-01-05 10:03:28.211root 11241100x80000000000000006962025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb2b49eba93cc912022-01-05 10:03:28.211root 11241100x80000000000000006962026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd619ebad53ed782022-01-05 10:03:28.212root 11241100x80000000000000006962027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83575bd59acbaac42022-01-05 10:03:28.212root 11241100x80000000000000006962028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c227d587faff0392022-01-05 10:03:28.212root 11241100x80000000000000006962029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcd6eadd0dcc76b2022-01-05 10:03:28.212root 11241100x80000000000000006962030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72829a63e9a578f2022-01-05 10:03:28.212root 11241100x80000000000000006962031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d180198635d5ad012022-01-05 10:03:28.212root 11241100x80000000000000006962032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e50fbe216b00282022-01-05 10:03:28.212root 11241100x80000000000000006962033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951ca5818d4e0c2c2022-01-05 10:03:28.212root 11241100x80000000000000006962034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4050e0530856fb222022-01-05 10:03:28.212root 11241100x80000000000000006962035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72a35c6337a7eaa2022-01-05 10:03:28.212root 11241100x80000000000000006962036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efca432fa9bd55882022-01-05 10:03:28.213root 11241100x80000000000000006962037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b51e1ee492c977b2022-01-05 10:03:28.213root 11241100x80000000000000006962038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f1100e969e7b5f2022-01-05 10:03:28.213root 11241100x80000000000000006962039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e9998c57e4a5b82022-01-05 10:03:28.213root 11241100x80000000000000006962040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd526763de7183f72022-01-05 10:03:28.213root 11241100x80000000000000006962041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20900023b2d9c6002022-01-05 10:03:28.213root 11241100x80000000000000006962042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b13fc3cbd607b352022-01-05 10:03:28.213root 11241100x80000000000000006962043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d03c346620fa612022-01-05 10:03:28.214root 11241100x80000000000000006962044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866f839caf1c97052022-01-05 10:03:28.710root 11241100x80000000000000006962045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378d66ed00effb682022-01-05 10:03:28.710root 11241100x80000000000000006962046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10098ca1063ce35a2022-01-05 10:03:28.711root 11241100x80000000000000006962047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5194cdb4d008c5fb2022-01-05 10:03:28.711root 11241100x80000000000000006962048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9438843feadddd4b2022-01-05 10:03:28.711root 11241100x80000000000000006962049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f0f23a9aea55f42022-01-05 10:03:28.711root 11241100x80000000000000006962050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb9ac88032534192022-01-05 10:03:28.711root 11241100x80000000000000006962051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d806ec0050650322022-01-05 10:03:28.712root 11241100x80000000000000006962052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d342d3341822baf2022-01-05 10:03:28.712root 11241100x80000000000000006962053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f133c85b6c07146e2022-01-05 10:03:28.712root 11241100x80000000000000006962054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88ebdce64f5c8742022-01-05 10:03:28.712root 11241100x80000000000000006962055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96519d7d194699e92022-01-05 10:03:28.712root 11241100x80000000000000006962056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685b7d2cd992c8b42022-01-05 10:03:28.712root 11241100x80000000000000006962057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd80cae300cf2d22022-01-05 10:03:28.713root 11241100x80000000000000006962058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961d529d107dd7ea2022-01-05 10:03:28.713root 11241100x80000000000000006962059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98e90129cefc3bb2022-01-05 10:03:28.713root 11241100x80000000000000006962060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e1371078a9d2b62022-01-05 10:03:28.713root 11241100x80000000000000006962061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebb000bb7662dca2022-01-05 10:03:28.713root 11241100x80000000000000006962062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e475b341bf2626272022-01-05 10:03:28.714root 11241100x80000000000000006962063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cab2541c6c194f2022-01-05 10:03:28.714root 11241100x80000000000000006962064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2255567c40a3f0052022-01-05 10:03:28.714root 11241100x80000000000000006962065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c372ebd120dabf2022-01-05 10:03:28.714root 11241100x80000000000000006962066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8061ec84d4a7f92022-01-05 10:03:28.714root 11241100x80000000000000006962067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d996a4992731ce2022-01-05 10:03:28.714root 11241100x80000000000000006962068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4526ed2e5ba107292022-01-05 10:03:28.714root 11241100x80000000000000006962069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8948f4b35927002022-01-05 10:03:28.715root 11241100x80000000000000006962070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c019ab0130018b42022-01-05 10:03:28.715root 11241100x80000000000000006962071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a156b0a1ce17c032022-01-05 10:03:28.715root 11241100x80000000000000006962072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4cb492cd780dfe2022-01-05 10:03:28.715root 11241100x80000000000000006962073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e19e111ae2312df2022-01-05 10:03:28.716root 11241100x80000000000000006962074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0768615ab5d2be632022-01-05 10:03:28.716root 11241100x80000000000000006962075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:28.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd52a1cce6933b22022-01-05 10:03:28.716root 354300x80000000000000006962076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.085{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41732-false10.0.1.12-8000- 11241100x80000000000000006962077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e70df7343b9282c2022-01-05 10:03:29.085root 11241100x80000000000000006962078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44975e106693abbd2022-01-05 10:03:29.086root 11241100x80000000000000006962079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f91a74e7df04272022-01-05 10:03:29.086root 11241100x80000000000000006962080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d2b2777a8062412022-01-05 10:03:29.086root 11241100x80000000000000006962081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89a536a727ecd472022-01-05 10:03:29.086root 11241100x80000000000000006962082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f823f573dca1d72022-01-05 10:03:29.086root 11241100x80000000000000006962083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a66cb37240e9c052022-01-05 10:03:29.086root 11241100x80000000000000006962084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4190a17b6447fc6b2022-01-05 10:03:29.086root 11241100x80000000000000006962085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bc85a731de780b2022-01-05 10:03:29.086root 11241100x80000000000000006962086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f354cb76788a662022-01-05 10:03:29.086root 11241100x80000000000000006962087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20d0f7137b8e7e42022-01-05 10:03:29.086root 11241100x80000000000000006962088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac797fe48de3aad2022-01-05 10:03:29.087root 11241100x80000000000000006962089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed7a3febcfa5b622022-01-05 10:03:29.087root 11241100x80000000000000006962090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9260385181731d962022-01-05 10:03:29.087root 11241100x80000000000000006962091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954f6168448669512022-01-05 10:03:29.087root 11241100x80000000000000006962092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12739a52026e72ec2022-01-05 10:03:29.087root 11241100x80000000000000006962093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c160ee020fafc4b82022-01-05 10:03:29.087root 11241100x80000000000000006962094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e20007912956ffe2022-01-05 10:03:29.087root 11241100x80000000000000006962095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9052bcab3073788a2022-01-05 10:03:29.087root 11241100x80000000000000006962096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1b27b3cd3a61c42022-01-05 10:03:29.087root 11241100x80000000000000006962097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa9577e4bc7389a2022-01-05 10:03:29.087root 11241100x80000000000000006962098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e96b74de4b31472022-01-05 10:03:29.087root 11241100x80000000000000006962099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.088{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cf390a045164532022-01-05 10:03:29.088root 11241100x80000000000000006962100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.088{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5c298ac1b6a2b52022-01-05 10:03:29.088root 11241100x80000000000000006962101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.088{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a350973507ed6ddc2022-01-05 10:03:29.088root 11241100x80000000000000006962102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.088{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da507e2fed960ef2022-01-05 10:03:29.088root 11241100x80000000000000006962103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.088{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a135f60ebe41bdae2022-01-05 10:03:29.088root 11241100x80000000000000006962104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.089{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dae4bdb091595f92022-01-05 10:03:29.089root 11241100x80000000000000006962105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.089{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97731a712dfd8572022-01-05 10:03:29.089root 11241100x80000000000000006962106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.089{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6243b94eb6f892b82022-01-05 10:03:29.089root 11241100x80000000000000006962107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.089{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fba3d7d812f0c6d2022-01-05 10:03:29.089root 11241100x80000000000000006962108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.089{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e14ce7b4b752b12022-01-05 10:03:29.089root 11241100x80000000000000006962109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.089{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a48a9de6ec611d2022-01-05 10:03:29.089root 11241100x80000000000000006962110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.089{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207d11e0e0d894c52022-01-05 10:03:29.089root 11241100x80000000000000006962111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.089{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99222009f1fdf7d92022-01-05 10:03:29.089root 11241100x80000000000000006962112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.090{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd680eee0f1c94ec2022-01-05 10:03:29.090root 11241100x80000000000000006962113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.090{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b6f94ea98caa1d2022-01-05 10:03:29.090root 11241100x80000000000000006962114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.091{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81861a860079f5622022-01-05 10:03:29.091root 11241100x80000000000000006962115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.220{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 10:03:29.220root 11241100x80000000000000006962116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadaaec60ad401492022-01-05 10:03:29.460root 11241100x80000000000000006962117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfc0af9671bc0522022-01-05 10:03:29.461root 11241100x80000000000000006962118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e5962de1e33dea2022-01-05 10:03:29.461root 11241100x80000000000000006962119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f50744108d4c282022-01-05 10:03:29.461root 11241100x80000000000000006962120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91991e8a10c5515f2022-01-05 10:03:29.461root 11241100x80000000000000006962121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59dd886c9f948dc2022-01-05 10:03:29.461root 11241100x80000000000000006962122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfee84af565892952022-01-05 10:03:29.461root 11241100x80000000000000006962123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38cd8ddada854a82022-01-05 10:03:29.461root 11241100x80000000000000006962124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd7dfd6579db0e42022-01-05 10:03:29.462root 11241100x80000000000000006962125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a689be9f86eab42022-01-05 10:03:29.462root 11241100x80000000000000006962126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bdb9b3fa01edc02022-01-05 10:03:29.462root 11241100x80000000000000006962127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608df81bc9db50bf2022-01-05 10:03:29.462root 11241100x80000000000000006962128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a134eb4e3f62392022-01-05 10:03:29.462root 11241100x80000000000000006962129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275696d7a40084292022-01-05 10:03:29.462root 11241100x80000000000000006962130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4bcff3c53c780e2022-01-05 10:03:29.462root 11241100x80000000000000006962131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000699b502174a8e2022-01-05 10:03:29.463root 11241100x80000000000000006962132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195e5a54b039224b2022-01-05 10:03:29.463root 11241100x80000000000000006962133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9e124803115c262022-01-05 10:03:29.463root 11241100x80000000000000006962134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c168350eabaf19052022-01-05 10:03:29.463root 11241100x80000000000000006962135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f499f1775743eb2022-01-05 10:03:29.464root 11241100x80000000000000006962136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed454ed0486713e32022-01-05 10:03:29.465root 11241100x80000000000000006962137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a15db420841e6c52022-01-05 10:03:29.465root 11241100x80000000000000006962138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dc9d7b5a229e5c2022-01-05 10:03:29.465root 11241100x80000000000000006962139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119fd91414fe36c22022-01-05 10:03:29.465root 11241100x80000000000000006962140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863a2e708cd870152022-01-05 10:03:29.465root 11241100x80000000000000006962141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a52f5de14986092022-01-05 10:03:29.465root 11241100x80000000000000006962142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bebc124718b31c2022-01-05 10:03:29.465root 11241100x80000000000000006962143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30255ab5c2704fc12022-01-05 10:03:29.465root 11241100x80000000000000006962144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3a50546b1f21e82022-01-05 10:03:29.466root 11241100x80000000000000006962145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcaae18a7cb81b22022-01-05 10:03:29.466root 11241100x80000000000000006962146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36f7a4f63a21b572022-01-05 10:03:29.466root 11241100x80000000000000006962147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bacc4e1d056f862022-01-05 10:03:29.466root 11241100x80000000000000006962148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f62ff2c2da3bc862022-01-05 10:03:29.466root 11241100x80000000000000006962149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718618dbfed9d8602022-01-05 10:03:29.466root 11241100x80000000000000006962150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37497bf308b9c0e2022-01-05 10:03:29.960root 11241100x80000000000000006962151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339b1deea228978e2022-01-05 10:03:29.960root 11241100x80000000000000006962152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4712424be808462022-01-05 10:03:29.960root 11241100x80000000000000006962153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5b0164684c212f2022-01-05 10:03:29.960root 11241100x80000000000000006962154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f649e89c4b83d002022-01-05 10:03:29.961root 11241100x80000000000000006962155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3460a98d26874f2022-01-05 10:03:29.961root 11241100x80000000000000006962156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b01698f4ad7b482022-01-05 10:03:29.961root 11241100x80000000000000006962157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70cf5e7ce0bbc242022-01-05 10:03:29.961root 11241100x80000000000000006962158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3f8e7a651baafa2022-01-05 10:03:29.961root 11241100x80000000000000006962159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1a6bab3ae3c5682022-01-05 10:03:29.961root 11241100x80000000000000006962160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41bf74364bbeba02022-01-05 10:03:29.961root 11241100x80000000000000006962161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2545c5e7837ec072022-01-05 10:03:29.962root 11241100x80000000000000006962162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ba2f691e5ce2882022-01-05 10:03:29.962root 11241100x80000000000000006962163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3524abfa68d68ab52022-01-05 10:03:29.962root 11241100x80000000000000006962164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1f35d328abc4842022-01-05 10:03:29.962root 11241100x80000000000000006962165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9b20abcad987812022-01-05 10:03:29.962root 11241100x80000000000000006962166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d361813624d06462022-01-05 10:03:29.962root 11241100x80000000000000006962167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3395833f65b729a42022-01-05 10:03:29.962root 11241100x80000000000000006962168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41653107c825b99f2022-01-05 10:03:29.962root 11241100x80000000000000006962169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b96a270742b3aa32022-01-05 10:03:29.963root 11241100x80000000000000006962170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a7fe1faf5bf9222022-01-05 10:03:29.963root 11241100x80000000000000006962171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c586fd1ca215d2b82022-01-05 10:03:29.963root 11241100x80000000000000006962172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c043e2eb9fe604172022-01-05 10:03:29.963root 11241100x80000000000000006962173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d97eb21150d7ee2022-01-05 10:03:29.963root 11241100x80000000000000006962174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72558e1086fa6062022-01-05 10:03:29.963root 11241100x80000000000000006962175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97acf3cc9275bd052022-01-05 10:03:29.963root 11241100x80000000000000006962176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8376a2ef482608652022-01-05 10:03:29.964root 11241100x80000000000000006962177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75438bb3c0f974952022-01-05 10:03:29.964root 11241100x80000000000000006962178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28234ddb9ea973d2022-01-05 10:03:29.964root 11241100x80000000000000006962179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83a70b4b35b04cd2022-01-05 10:03:29.964root 11241100x80000000000000006962180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdacfa0e18eb7642022-01-05 10:03:29.965root 11241100x80000000000000006962181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f695f08b98c632222022-01-05 10:03:29.965root 11241100x80000000000000006962182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1389180a896d80042022-01-05 10:03:29.965root 11241100x80000000000000006962183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:29.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9612b1103b8519b22022-01-05 10:03:29.965root 11241100x80000000000000006962184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c79af87a8d65e172022-01-05 10:03:30.460root 11241100x80000000000000006962185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da80690445cbeff2022-01-05 10:03:30.460root 11241100x80000000000000006962186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c90e9f3ca14160c2022-01-05 10:03:30.460root 11241100x80000000000000006962187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040820bb4d2c094d2022-01-05 10:03:30.460root 11241100x80000000000000006962188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459f7d5c239d63392022-01-05 10:03:30.461root 11241100x80000000000000006962189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35fe8ce80a939f72022-01-05 10:03:30.461root 11241100x80000000000000006962190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9da6fe6658e30f2022-01-05 10:03:30.461root 11241100x80000000000000006962191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4439912cc2f28b7d2022-01-05 10:03:30.461root 11241100x80000000000000006962192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89c0de18d65b7552022-01-05 10:03:30.461root 11241100x80000000000000006962193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4b70c1bebdb0b92022-01-05 10:03:30.461root 11241100x80000000000000006962194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3643d21ad068f3d12022-01-05 10:03:30.461root 11241100x80000000000000006962195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef2cdcba2db42ba2022-01-05 10:03:30.461root 11241100x80000000000000006962196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f339b20da53e172022-01-05 10:03:30.461root 11241100x80000000000000006962197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502016c65d1684d42022-01-05 10:03:30.461root 11241100x80000000000000006962198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9b331b28fd4df02022-01-05 10:03:30.461root 11241100x80000000000000006962199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c939bf99e72244672022-01-05 10:03:30.461root 11241100x80000000000000006962200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57288ff3503baf2e2022-01-05 10:03:30.462root 11241100x80000000000000006962201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf11181aec36e2f2022-01-05 10:03:30.462root 11241100x80000000000000006962202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de7e17b28936eef2022-01-05 10:03:30.462root 11241100x80000000000000006962203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b522698167607a32022-01-05 10:03:30.462root 11241100x80000000000000006962204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3376a1fc40f1c22022-01-05 10:03:30.462root 11241100x80000000000000006962205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0465b424f65c7ff22022-01-05 10:03:30.462root 11241100x80000000000000006962206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaef9814eb854dad2022-01-05 10:03:30.462root 11241100x80000000000000006962207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5a47b0932be1792022-01-05 10:03:30.462root 11241100x80000000000000006962208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a618a68d9b1f72d72022-01-05 10:03:30.462root 11241100x80000000000000006962209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87d8fcd5ab523b32022-01-05 10:03:30.462root 11241100x80000000000000006962210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efc65b4d82a40a92022-01-05 10:03:30.463root 11241100x80000000000000006962211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65d5c47309e72702022-01-05 10:03:30.463root 11241100x80000000000000006962212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005f906966cf61492022-01-05 10:03:30.463root 11241100x80000000000000006962213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dc7719606d29a72022-01-05 10:03:30.463root 11241100x80000000000000006962214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f701e0deed26332022-01-05 10:03:30.463root 11241100x80000000000000006962215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ad8ecbb43a6d512022-01-05 10:03:30.463root 11241100x80000000000000006962216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6694ab33128f93ed2022-01-05 10:03:30.463root 11241100x80000000000000006962217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b6ce91511826262022-01-05 10:03:30.463root 11241100x80000000000000006962218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f528596ba486ceb2022-01-05 10:03:30.960root 11241100x80000000000000006962219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd589935d35395e2022-01-05 10:03:30.960root 11241100x80000000000000006962220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caba312672fa864d2022-01-05 10:03:30.960root 11241100x80000000000000006962221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2a7c1afa3e4b032022-01-05 10:03:30.960root 11241100x80000000000000006962222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca79d0b0c565d1a92022-01-05 10:03:30.961root 11241100x80000000000000006962223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39a6dada973f2d52022-01-05 10:03:30.961root 11241100x80000000000000006962224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775bbf3e1502b4702022-01-05 10:03:30.961root 11241100x80000000000000006962225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3455d8bfaac3c9422022-01-05 10:03:30.961root 11241100x80000000000000006962226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5752809a0e57ec8b2022-01-05 10:03:30.961root 11241100x80000000000000006962227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dad6d540106604c2022-01-05 10:03:30.961root 11241100x80000000000000006962228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1655e1b3ae73f0eb2022-01-05 10:03:30.961root 11241100x80000000000000006962229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6f304c9cd892c82022-01-05 10:03:30.961root 11241100x80000000000000006962230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb83d55f1f7c5aa32022-01-05 10:03:30.961root 11241100x80000000000000006962231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203acc5d7cc11d942022-01-05 10:03:30.961root 11241100x80000000000000006962232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b334f392bc4f1a2022-01-05 10:03:30.961root 11241100x80000000000000006962233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55631b11ed103522022-01-05 10:03:30.961root 11241100x80000000000000006962234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305665035dbdc3492022-01-05 10:03:30.961root 11241100x80000000000000006962235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae16f83cf0d7baf02022-01-05 10:03:30.962root 11241100x80000000000000006962236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3ba193e254e8402022-01-05 10:03:30.962root 11241100x80000000000000006962237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5d57e7b4bb911f2022-01-05 10:03:30.962root 11241100x80000000000000006962238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c684d5f1651d47d2022-01-05 10:03:30.962root 11241100x80000000000000006962239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0af558ec336cd62022-01-05 10:03:30.962root 11241100x80000000000000006962240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0accc4ee6c81942022-01-05 10:03:30.962root 11241100x80000000000000006962241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b15e6ef0a6deb22022-01-05 10:03:30.962root 11241100x80000000000000006962242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceb9584c61f608d2022-01-05 10:03:30.962root 11241100x80000000000000006962243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144103df897164002022-01-05 10:03:30.962root 11241100x80000000000000006962244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfe39397f69d5a12022-01-05 10:03:30.962root 11241100x80000000000000006962245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d90a6f55222dda2022-01-05 10:03:30.962root 11241100x80000000000000006962246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d77a351306fe672022-01-05 10:03:30.962root 11241100x80000000000000006962247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84dbc89718ef8632022-01-05 10:03:30.962root 11241100x80000000000000006962248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2ba22a32463d232022-01-05 10:03:30.963root 11241100x80000000000000006962249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf72a5c66f8041542022-01-05 10:03:30.963root 11241100x80000000000000006962250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786e4037607493422022-01-05 10:03:30.963root 11241100x80000000000000006962251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58d51cb230379fa2022-01-05 10:03:30.963root 11241100x80000000000000006962252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bada9f999f2d1fbe2022-01-05 10:03:31.461root 11241100x80000000000000006962253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013235d88c9582a12022-01-05 10:03:31.461root 11241100x80000000000000006962254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9780cae4e4945da62022-01-05 10:03:31.461root 11241100x80000000000000006962255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db06b1306d88f2332022-01-05 10:03:31.461root 11241100x80000000000000006962256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21864c1245a9bcce2022-01-05 10:03:31.461root 11241100x80000000000000006962257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ca2e26202f166a2022-01-05 10:03:31.461root 11241100x80000000000000006962258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506c195e230204d62022-01-05 10:03:31.461root 11241100x80000000000000006962259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4bc0f1896ae98f2022-01-05 10:03:31.461root 11241100x80000000000000006962260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd2cf7aae47589c2022-01-05 10:03:31.461root 11241100x80000000000000006962261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c77e0c4451d13a2022-01-05 10:03:31.461root 11241100x80000000000000006962262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e92bda19fe85df2022-01-05 10:03:31.462root 11241100x80000000000000006962263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e3b73e0a95142d2022-01-05 10:03:31.462root 11241100x80000000000000006962264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b94a6e644418fa2022-01-05 10:03:31.462root 11241100x80000000000000006962265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c69ecfda9880892022-01-05 10:03:31.462root 11241100x80000000000000006962266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa1fe86178659692022-01-05 10:03:31.462root 11241100x80000000000000006962267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc78c1bf6274b422022-01-05 10:03:31.462root 11241100x80000000000000006962268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139757ae555e12482022-01-05 10:03:31.462root 11241100x80000000000000006962269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fab28940f4b88552022-01-05 10:03:31.462root 11241100x80000000000000006962270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ad9675739c59a32022-01-05 10:03:31.462root 11241100x80000000000000006962271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c377a9fcd386192022-01-05 10:03:31.462root 11241100x80000000000000006962272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580493894757e8892022-01-05 10:03:31.463root 11241100x80000000000000006962273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d35c1a51f78cd802022-01-05 10:03:31.463root 11241100x80000000000000006962274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd18aa96c0f31ed52022-01-05 10:03:31.463root 11241100x80000000000000006962275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe145c86b8fcdcdd2022-01-05 10:03:31.463root 11241100x80000000000000006962276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbf4609c81cab812022-01-05 10:03:31.463root 11241100x80000000000000006962277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa8c23777852d0c2022-01-05 10:03:31.463root 11241100x80000000000000006962278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5404c8abbb7b2832022-01-05 10:03:31.463root 11241100x80000000000000006962279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcfda1ad3ba92312022-01-05 10:03:31.463root 11241100x80000000000000006962280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac5738274cd28702022-01-05 10:03:31.463root 11241100x80000000000000006962281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89ad23aa0d383fe2022-01-05 10:03:31.463root 11241100x80000000000000006962282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcffa88017156572022-01-05 10:03:31.464root 11241100x80000000000000006962283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550f23d14694cfbc2022-01-05 10:03:31.464root 11241100x80000000000000006962284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7916aa6f6e0502c2022-01-05 10:03:31.464root 11241100x80000000000000006962285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca03887f58fcbd62022-01-05 10:03:31.464root 11241100x80000000000000006962286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c3db1616cec4bd2022-01-05 10:03:31.960root 11241100x80000000000000006962287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af70c29020127a972022-01-05 10:03:31.960root 11241100x80000000000000006962288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63034d8cb89814402022-01-05 10:03:31.960root 11241100x80000000000000006962289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e796f5573e287d62022-01-05 10:03:31.961root 11241100x80000000000000006962290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a16e75d991585da2022-01-05 10:03:31.961root 11241100x80000000000000006962291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0871f92276b63c2022-01-05 10:03:31.961root 11241100x80000000000000006962292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e041bbe1da698b42022-01-05 10:03:31.961root 11241100x80000000000000006962293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0438e72b0cef537f2022-01-05 10:03:31.961root 11241100x80000000000000006962294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84de61cb72f92ea92022-01-05 10:03:31.961root 11241100x80000000000000006962295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed05b790c47d67682022-01-05 10:03:31.961root 11241100x80000000000000006962296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b214ee8222cf43212022-01-05 10:03:31.961root 11241100x80000000000000006962297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea19eef9b215d2732022-01-05 10:03:31.961root 11241100x80000000000000006962298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947220459393df8d2022-01-05 10:03:31.961root 11241100x80000000000000006962299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf18d8e171c35f4b2022-01-05 10:03:31.961root 11241100x80000000000000006962300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab937703dbd2c4052022-01-05 10:03:31.961root 11241100x80000000000000006962301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ee9d53f5286ea22022-01-05 10:03:31.961root 11241100x80000000000000006962302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c710ee659d32ae2e2022-01-05 10:03:31.961root 11241100x80000000000000006962303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff554da11b91b162022-01-05 10:03:31.961root 11241100x80000000000000006962304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74dcf6c9eec452b82022-01-05 10:03:31.962root 11241100x80000000000000006962305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f935bd10032096a92022-01-05 10:03:31.962root 11241100x80000000000000006962306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2604336046eefd742022-01-05 10:03:31.962root 11241100x80000000000000006962307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5a35c100c521152022-01-05 10:03:31.962root 11241100x80000000000000006962308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d16cc5e955510c32022-01-05 10:03:31.962root 11241100x80000000000000006962309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d75fe280517d872022-01-05 10:03:31.962root 11241100x80000000000000006962310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1000ecabb9609a2022-01-05 10:03:31.962root 11241100x80000000000000006962311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a424a82c42acc80e2022-01-05 10:03:31.962root 11241100x80000000000000006962312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee8d23c5da4c9652022-01-05 10:03:31.962root 11241100x80000000000000006962313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039b9727d381ff3b2022-01-05 10:03:31.962root 11241100x80000000000000006962314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c62df30e144cc12022-01-05 10:03:31.962root 11241100x80000000000000006962315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a172971e9333c42022-01-05 10:03:31.962root 11241100x80000000000000006962316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1702776d24fab72022-01-05 10:03:31.962root 11241100x80000000000000006962317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4d77ef917f40112022-01-05 10:03:31.962root 11241100x80000000000000006962318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7facfb39b110c712022-01-05 10:03:31.962root 11241100x80000000000000006962319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:31.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ea928fa9ba03992022-01-05 10:03:31.962root 23542300x80000000000000006962320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.222{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006962321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bd50a3f50e22f62022-01-05 10:03:32.222root 11241100x80000000000000006962322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cec8be5f43366292022-01-05 10:03:32.222root 11241100x80000000000000006962323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bbac792f1db1bd2022-01-05 10:03:32.223root 11241100x80000000000000006962324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d014945626befff2022-01-05 10:03:32.223root 11241100x80000000000000006962325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd469f442c796562022-01-05 10:03:32.223root 11241100x80000000000000006962326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ab73511fac44ae2022-01-05 10:03:32.223root 11241100x80000000000000006962327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317896f04ec8bf8b2022-01-05 10:03:32.223root 11241100x80000000000000006962328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50eaae25f634d6e2022-01-05 10:03:32.223root 11241100x80000000000000006962329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39c70bff45bdc0b2022-01-05 10:03:32.223root 11241100x80000000000000006962330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df3840153b37fb52022-01-05 10:03:32.223root 11241100x80000000000000006962331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead08087511402382022-01-05 10:03:32.223root 11241100x80000000000000006962332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbe2f3af50278de2022-01-05 10:03:32.223root 11241100x80000000000000006962333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8699a7fc0e9779102022-01-05 10:03:32.224root 11241100x80000000000000006962334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43015a6dcd26bad2022-01-05 10:03:32.224root 11241100x80000000000000006962335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65feb8fa00f71552022-01-05 10:03:32.224root 11241100x80000000000000006962336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2203fd34a598f3a62022-01-05 10:03:32.224root 11241100x80000000000000006962337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19f98c9155bbd902022-01-05 10:03:32.224root 11241100x80000000000000006962338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb82e00b9eed2a6b2022-01-05 10:03:32.224root 11241100x80000000000000006962339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458217ce8330f5122022-01-05 10:03:32.224root 11241100x80000000000000006962340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bea056594e09cb32022-01-05 10:03:32.224root 11241100x80000000000000006962341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb040c34c4d0e2362022-01-05 10:03:32.224root 11241100x80000000000000006962342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a234af183178403e2022-01-05 10:03:32.224root 11241100x80000000000000006962343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7acf5c581145d1f2022-01-05 10:03:32.225root 11241100x80000000000000006962344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9d8ee696109daf2022-01-05 10:03:32.225root 11241100x80000000000000006962345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6123dde222b27cfc2022-01-05 10:03:32.225root 11241100x80000000000000006962346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5d7344e19988b72022-01-05 10:03:32.225root 11241100x80000000000000006962347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd73160bbfcfc192022-01-05 10:03:32.225root 11241100x80000000000000006962348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a30c2668d0af9cc2022-01-05 10:03:32.225root 11241100x80000000000000006962349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fad4a7fc1634fe62022-01-05 10:03:32.225root 11241100x80000000000000006962350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3920f3b33991392022-01-05 10:03:32.226root 11241100x80000000000000006962351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5faf113f44b4c272022-01-05 10:03:32.226root 11241100x80000000000000006962352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f718023bfa6166b2022-01-05 10:03:32.226root 11241100x80000000000000006962353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8020406f095f73862022-01-05 10:03:32.226root 11241100x80000000000000006962354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5722894a5e6dfd382022-01-05 10:03:32.227root 11241100x80000000000000006962355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591e589ba5ca71992022-01-05 10:03:32.227root 11241100x80000000000000006962356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573a43bdfa7ccb2e2022-01-05 10:03:32.227root 11241100x80000000000000006962357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2121843bad6edf32022-01-05 10:03:32.227root 11241100x80000000000000006962358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e3416b1deaa0912022-01-05 10:03:32.227root 11241100x80000000000000006962359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73c679968ccaa6c2022-01-05 10:03:32.227root 11241100x80000000000000006962360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f37987a9ca03212022-01-05 10:03:32.227root 11241100x80000000000000006962361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88e14c0846554dc2022-01-05 10:03:32.228root 11241100x80000000000000006962362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c712ae06bf46ac2022-01-05 10:03:32.229root 11241100x80000000000000006962363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fe1c5a109e73cc2022-01-05 10:03:32.229root 11241100x80000000000000006962364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47f7c1acd62f6002022-01-05 10:03:32.229root 11241100x80000000000000006962365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89426fec6cb3612f2022-01-05 10:03:32.229root 11241100x80000000000000006962366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370dfed909ee37222022-01-05 10:03:32.229root 11241100x80000000000000006962367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca19d7bf2c67f3a2022-01-05 10:03:32.229root 11241100x80000000000000006962368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fab454706a4f9c2022-01-05 10:03:32.229root 11241100x80000000000000006962369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144d65778f6ccebf2022-01-05 10:03:32.229root 11241100x80000000000000006962370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2d99c87d4669532022-01-05 10:03:32.229root 11241100x80000000000000006962371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd2c7643166b7dd2022-01-05 10:03:32.710root 11241100x80000000000000006962372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4351940dc1f7cc02022-01-05 10:03:32.710root 11241100x80000000000000006962373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68e24a17937be442022-01-05 10:03:32.711root 11241100x80000000000000006962374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7335dd84488b2e882022-01-05 10:03:32.711root 11241100x80000000000000006962375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23565144adbeba802022-01-05 10:03:32.711root 11241100x80000000000000006962376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963e12514d1423642022-01-05 10:03:32.711root 11241100x80000000000000006962377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47a9b84863176ba2022-01-05 10:03:32.711root 11241100x80000000000000006962378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d050a2b648ee74d22022-01-05 10:03:32.711root 11241100x80000000000000006962379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9599490cf30df882022-01-05 10:03:32.711root 11241100x80000000000000006962380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea50bce6c3b5bb12022-01-05 10:03:32.711root 11241100x80000000000000006962381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560c9dd75d8cd98a2022-01-05 10:03:32.711root 11241100x80000000000000006962382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b7d589750032ea2022-01-05 10:03:32.711root 11241100x80000000000000006962383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8743796ff0cc2c562022-01-05 10:03:32.711root 11241100x80000000000000006962384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c9e99e532c3c0b2022-01-05 10:03:32.711root 11241100x80000000000000006962385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9e9c9d35211ba32022-01-05 10:03:32.711root 11241100x80000000000000006962386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059e7a45aa5946d52022-01-05 10:03:32.711root 11241100x80000000000000006962387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fadfa53f7c897cd2022-01-05 10:03:32.711root 11241100x80000000000000006962388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d0a1661f8000412022-01-05 10:03:32.712root 11241100x80000000000000006962389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffbfe38b616acf62022-01-05 10:03:32.712root 11241100x80000000000000006962390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694d5784b4f7f2f92022-01-05 10:03:32.712root 11241100x80000000000000006962391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efde5242cde91c392022-01-05 10:03:32.712root 11241100x80000000000000006962392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a075140ac0802422022-01-05 10:03:32.712root 11241100x80000000000000006962393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca76cd03f070c092022-01-05 10:03:32.712root 11241100x80000000000000006962394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc366d88379adab2022-01-05 10:03:32.712root 11241100x80000000000000006962395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306ccab3b8e467a82022-01-05 10:03:32.712root 11241100x80000000000000006962396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea6e1abc29898162022-01-05 10:03:32.712root 11241100x80000000000000006962397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd98e5864230780b2022-01-05 10:03:32.712root 11241100x80000000000000006962398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6a6975b45934952022-01-05 10:03:32.712root 11241100x80000000000000006962399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7641fdaf1f1ec8b92022-01-05 10:03:32.712root 11241100x80000000000000006962400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea69b0a1e4b9ead2022-01-05 10:03:32.712root 11241100x80000000000000006962401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26664d5dc9cc78812022-01-05 10:03:32.713root 11241100x80000000000000006962402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088a5516e2a1ee982022-01-05 10:03:32.713root 11241100x80000000000000006962403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d1ad20059eaef52022-01-05 10:03:32.713root 11241100x80000000000000006962404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87962b77be242db32022-01-05 10:03:32.713root 11241100x80000000000000006962405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d9d2d19a25e6af2022-01-05 10:03:32.713root 11241100x80000000000000006962406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fb93a99ff12ca32022-01-05 10:03:33.210root 11241100x80000000000000006962407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec4385336cf73752022-01-05 10:03:33.211root 11241100x80000000000000006962408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34f9e061d93c2d02022-01-05 10:03:33.211root 11241100x80000000000000006962409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbed3c100706c4d2022-01-05 10:03:33.211root 11241100x80000000000000006962410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187003dbf2a479aa2022-01-05 10:03:33.211root 11241100x80000000000000006962411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2669046362ad8f2022-01-05 10:03:33.211root 11241100x80000000000000006962412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e118dd794ad6c12022-01-05 10:03:33.211root 11241100x80000000000000006962413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d91d67a57bdaec2022-01-05 10:03:33.211root 11241100x80000000000000006962414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04614a15c79990582022-01-05 10:03:33.211root 11241100x80000000000000006962415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbbdc2c4d2ec8262022-01-05 10:03:33.211root 11241100x80000000000000006962416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8e0531a5358f542022-01-05 10:03:33.211root 11241100x80000000000000006962417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9886775d1a77b712022-01-05 10:03:33.211root 11241100x80000000000000006962418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8057cb0c991dffe72022-01-05 10:03:33.212root 11241100x80000000000000006962419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636db3bd6a397ec22022-01-05 10:03:33.212root 11241100x80000000000000006962420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267281dce46cf8f62022-01-05 10:03:33.212root 11241100x80000000000000006962421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9b3c18a454298b2022-01-05 10:03:33.212root 11241100x80000000000000006962422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fb45a8b9966ad92022-01-05 10:03:33.212root 11241100x80000000000000006962423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d279f97411572e4b2022-01-05 10:03:33.212root 11241100x80000000000000006962424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72be07f223d472d82022-01-05 10:03:33.212root 11241100x80000000000000006962425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03b6f9b01eb9d762022-01-05 10:03:33.212root 11241100x80000000000000006962426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dd5f4bbdf6c7fb2022-01-05 10:03:33.213root 11241100x80000000000000006962427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e007846a95d2840e2022-01-05 10:03:33.213root 11241100x80000000000000006962428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97604ed1d558e5502022-01-05 10:03:33.213root 11241100x80000000000000006962429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d5cde9d4701a742022-01-05 10:03:33.213root 11241100x80000000000000006962430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bad890cef8139b82022-01-05 10:03:33.213root 11241100x80000000000000006962431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47757b0927df97112022-01-05 10:03:33.213root 11241100x80000000000000006962432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a54e67e3b36427a2022-01-05 10:03:33.213root 11241100x80000000000000006962433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88eccd2fbafd13a2022-01-05 10:03:33.214root 11241100x80000000000000006962434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bb5188e7f6d19e2022-01-05 10:03:33.214root 11241100x80000000000000006962435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ec0cd11b5977772022-01-05 10:03:33.214root 11241100x80000000000000006962436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4de332c13d25502022-01-05 10:03:33.214root 11241100x80000000000000006962437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cf7ab92c65519c2022-01-05 10:03:33.214root 11241100x80000000000000006962438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b6801a05ba16eb2022-01-05 10:03:33.214root 11241100x80000000000000006962439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3715b06bc1e4e62022-01-05 10:03:33.214root 11241100x80000000000000006962440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e65cd0d93642a12022-01-05 10:03:33.214root 11241100x80000000000000006962441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1338988027736a6d2022-01-05 10:03:33.710root 11241100x80000000000000006962442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d11d38326c186112022-01-05 10:03:33.711root 11241100x80000000000000006962443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764302ad950fae682022-01-05 10:03:33.711root 11241100x80000000000000006962444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac9c6a42dc1c7d52022-01-05 10:03:33.711root 11241100x80000000000000006962445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a65c2f4c43e88f02022-01-05 10:03:33.711root 11241100x80000000000000006962446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fe8242cd0faa1b2022-01-05 10:03:33.711root 11241100x80000000000000006962447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6719b8b249bbe8a62022-01-05 10:03:33.711root 11241100x80000000000000006962448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bf10cdd0693fb42022-01-05 10:03:33.711root 11241100x80000000000000006962449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9bc7db307276eb2022-01-05 10:03:33.711root 11241100x80000000000000006962450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0e37beecdf6aa92022-01-05 10:03:33.711root 11241100x80000000000000006962451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a2ded8f6063f992022-01-05 10:03:33.712root 11241100x80000000000000006962452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8a1ec674fc3afb2022-01-05 10:03:33.712root 11241100x80000000000000006962453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01350ab7931dc0cb2022-01-05 10:03:33.712root 11241100x80000000000000006962454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fea374cff574392022-01-05 10:03:33.712root 11241100x80000000000000006962455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c496a4827aed7112022-01-05 10:03:33.712root 11241100x80000000000000006962456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e96833058ee0402022-01-05 10:03:33.712root 11241100x80000000000000006962457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a628397e740aba9a2022-01-05 10:03:33.712root 11241100x80000000000000006962458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa9867610f618e12022-01-05 10:03:33.712root 11241100x80000000000000006962459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b9b3e6fff76e6c2022-01-05 10:03:33.713root 11241100x80000000000000006962460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bc5c9f914695512022-01-05 10:03:33.713root 11241100x80000000000000006962461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3a8d6ba9938d232022-01-05 10:03:33.713root 11241100x80000000000000006962462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f879b8a146b361362022-01-05 10:03:33.713root 11241100x80000000000000006962463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401632120aef27682022-01-05 10:03:33.713root 11241100x80000000000000006962464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f21dc09c78adb72022-01-05 10:03:33.713root 11241100x80000000000000006962465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4e7090351170df2022-01-05 10:03:33.713root 11241100x80000000000000006962466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc20ee74087cc5f2022-01-05 10:03:33.713root 11241100x80000000000000006962467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772d2022cc44435b2022-01-05 10:03:33.714root 11241100x80000000000000006962468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b9c9e0e86a77af2022-01-05 10:03:33.714root 11241100x80000000000000006962469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb6a8defeb637972022-01-05 10:03:33.714root 11241100x80000000000000006962470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4148b16584804ec2022-01-05 10:03:33.714root 11241100x80000000000000006962471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb98b633dbc739a2022-01-05 10:03:33.714root 11241100x80000000000000006962472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f894778c15bbfa42022-01-05 10:03:33.714root 11241100x80000000000000006962473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a265d19e72adcbe2022-01-05 10:03:33.714root 11241100x80000000000000006962474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1532312fbfd58382022-01-05 10:03:33.714root 11241100x80000000000000006962475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744b32c0955868372022-01-05 10:03:33.714root 354300x80000000000000006962476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:33.733{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42214-false10.0.1.12-8089- 11241100x80000000000000006962477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5053fa7a36f6ef2022-01-05 10:03:34.211root 11241100x80000000000000006962478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8402db881fbc6bc2022-01-05 10:03:34.211root 11241100x80000000000000006962479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653bb9a568dc66272022-01-05 10:03:34.211root 11241100x80000000000000006962480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffad47f80efc3a832022-01-05 10:03:34.211root 11241100x80000000000000006962481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ea71a0950871fa2022-01-05 10:03:34.211root 11241100x80000000000000006962482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e19c9d4e326cf92022-01-05 10:03:34.211root 11241100x80000000000000006962483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff140ce46273cca2022-01-05 10:03:34.211root 11241100x80000000000000006962484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928d0764ff73d5c22022-01-05 10:03:34.211root 11241100x80000000000000006962485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dc383becd4d6462022-01-05 10:03:34.211root 11241100x80000000000000006962486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136a04bb863480be2022-01-05 10:03:34.211root 11241100x80000000000000006962487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bac297be1e4920b2022-01-05 10:03:34.213root 11241100x80000000000000006962488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a83b9e6f2175f512022-01-05 10:03:34.213root 11241100x80000000000000006962489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8a75a92891fa432022-01-05 10:03:34.213root 11241100x80000000000000006962490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af81d7afaa568ec72022-01-05 10:03:34.213root 11241100x80000000000000006962491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f954a63a0817632c2022-01-05 10:03:34.213root 11241100x80000000000000006962492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4483704b2239b6192022-01-05 10:03:34.213root 11241100x80000000000000006962493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e3c28362030a632022-01-05 10:03:34.213root 11241100x80000000000000006962494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784aa74efd5dcb462022-01-05 10:03:34.214root 11241100x80000000000000006962495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ec71f022b5005f2022-01-05 10:03:34.214root 11241100x80000000000000006962496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459f0a599aa823de2022-01-05 10:03:34.214root 11241100x80000000000000006962497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f23591f8b41e592022-01-05 10:03:34.215root 11241100x80000000000000006962498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559f51ea37117d8a2022-01-05 10:03:34.215root 11241100x80000000000000006962499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ba730b160b2e8f2022-01-05 10:03:34.215root 11241100x80000000000000006962500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924fe6fd69ed4f832022-01-05 10:03:34.215root 11241100x80000000000000006962501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f090507e66fd8be2022-01-05 10:03:34.215root 11241100x80000000000000006962502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca1f1101f52bd1a2022-01-05 10:03:34.216root 11241100x80000000000000006962503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab43b66a3c205f2d2022-01-05 10:03:34.216root 11241100x80000000000000006962504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5c13e6fa603f7a2022-01-05 10:03:34.216root 11241100x80000000000000006962505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a7bdbfc3b99df22022-01-05 10:03:34.217root 11241100x80000000000000006962506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f97fd4bfb6d9932022-01-05 10:03:34.217root 11241100x80000000000000006962507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a189fca8d7554bd2022-01-05 10:03:34.217root 11241100x80000000000000006962508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0009e0ed715b75ff2022-01-05 10:03:34.217root 11241100x80000000000000006962509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51c09dfbe167e492022-01-05 10:03:34.217root 11241100x80000000000000006962510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271ee19cecf56cd92022-01-05 10:03:34.217root 11241100x80000000000000006962511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573a31ec7bd1d7542022-01-05 10:03:34.217root 11241100x80000000000000006962512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ee20eeb4ded42d2022-01-05 10:03:34.217root 354300x80000000000000006962513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.226{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41736-false10.0.1.12-8000- 11241100x80000000000000006962514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1381f7c669f04e822022-01-05 10:03:34.710root 11241100x80000000000000006962515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1819a8b70c1f430a2022-01-05 10:03:34.711root 11241100x80000000000000006962516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a51ea9e469b9ea2022-01-05 10:03:34.711root 11241100x80000000000000006962517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3b37745499a6dd2022-01-05 10:03:34.711root 11241100x80000000000000006962518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e38cec94e4f8552022-01-05 10:03:34.711root 11241100x80000000000000006962519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b495c1a41a11e3002022-01-05 10:03:34.711root 11241100x80000000000000006962520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99dab4587a1dbc922022-01-05 10:03:34.711root 11241100x80000000000000006962521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4528e471e2ad24012022-01-05 10:03:34.711root 11241100x80000000000000006962522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a810841466c83ce2022-01-05 10:03:34.711root 11241100x80000000000000006962523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c34e357329fce22022-01-05 10:03:34.711root 11241100x80000000000000006962524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46979b699201eaa92022-01-05 10:03:34.711root 11241100x80000000000000006962525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d6b5574453d99f2022-01-05 10:03:34.711root 11241100x80000000000000006962526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3664cdd57162ad472022-01-05 10:03:34.711root 11241100x80000000000000006962527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7744a53b0f42623a2022-01-05 10:03:34.711root 11241100x80000000000000006962528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c233b9ce4042f052022-01-05 10:03:34.711root 11241100x80000000000000006962529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bc330dde58ae762022-01-05 10:03:34.711root 11241100x80000000000000006962530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ee6bffc1c939232022-01-05 10:03:34.712root 11241100x80000000000000006962531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8404eb0497b9c4242022-01-05 10:03:34.712root 11241100x80000000000000006962532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e189c4f1fa910ed82022-01-05 10:03:34.712root 11241100x80000000000000006962533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bba6dae61b125ac2022-01-05 10:03:34.712root 11241100x80000000000000006962534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba07f74bab9db5d2022-01-05 10:03:34.712root 11241100x80000000000000006962535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362063c2062647222022-01-05 10:03:34.712root 11241100x80000000000000006962536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea15d13578f764f2022-01-05 10:03:34.712root 11241100x80000000000000006962537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa67762206564b092022-01-05 10:03:34.712root 11241100x80000000000000006962538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacfc5603f8028cb2022-01-05 10:03:34.712root 11241100x80000000000000006962539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798ca309758b94302022-01-05 10:03:34.712root 11241100x80000000000000006962540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0a17cdda96f9c12022-01-05 10:03:34.712root 11241100x80000000000000006962541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c775ba63860bea82022-01-05 10:03:34.713root 11241100x80000000000000006962542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3addca9ec9356d132022-01-05 10:03:34.713root 11241100x80000000000000006962543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f1296c7f3ab3a22022-01-05 10:03:34.713root 11241100x80000000000000006962544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b9f705da4f01ba2022-01-05 10:03:34.713root 11241100x80000000000000006962545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1996dcbe5663612022-01-05 10:03:34.713root 11241100x80000000000000006962546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8e657ff9d962ec2022-01-05 10:03:34.713root 11241100x80000000000000006962547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987f35c4d718cc1f2022-01-05 10:03:34.713root 11241100x80000000000000006962548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ac4dd0d11664de2022-01-05 10:03:34.713root 11241100x80000000000000006962549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8b0dbbcc22c16c2022-01-05 10:03:34.713root 11241100x80000000000000006962550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c481a92211dc722022-01-05 10:03:34.713root 11241100x80000000000000006962551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3c0a9890abeb872022-01-05 10:03:35.210root 11241100x80000000000000006962552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd7859f4f87d46a2022-01-05 10:03:35.211root 11241100x80000000000000006962553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5a4886424cfd2e2022-01-05 10:03:35.211root 11241100x80000000000000006962554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6911d9766dd992092022-01-05 10:03:35.211root 11241100x80000000000000006962555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024d358d25471e062022-01-05 10:03:35.211root 11241100x80000000000000006962556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01676ec092130a4d2022-01-05 10:03:35.211root 11241100x80000000000000006962557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45cfb43f58fce41a2022-01-05 10:03:35.211root 11241100x80000000000000006962558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb15edce2bbff182022-01-05 10:03:35.211root 11241100x80000000000000006962559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cade61c6103d21012022-01-05 10:03:35.211root 11241100x80000000000000006962560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c0ed5281f138a32022-01-05 10:03:35.211root 11241100x80000000000000006962561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340f1fd691d0342c2022-01-05 10:03:35.211root 11241100x80000000000000006962562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561ce9d167e775882022-01-05 10:03:35.211root 11241100x80000000000000006962563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d4acac5891d0bf2022-01-05 10:03:35.211root 11241100x80000000000000006962564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c162f78c00b531442022-01-05 10:03:35.211root 11241100x80000000000000006962565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f40b5dd20132cc2022-01-05 10:03:35.211root 11241100x80000000000000006962566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def02fdceea521352022-01-05 10:03:35.212root 11241100x80000000000000006962567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb70812fa1bc5f022022-01-05 10:03:35.212root 11241100x80000000000000006962568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bba364007809ba2022-01-05 10:03:35.212root 11241100x80000000000000006962569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481696143e53b7022022-01-05 10:03:35.212root 11241100x80000000000000006962570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96f6e399afc016e2022-01-05 10:03:35.213root 11241100x80000000000000006962571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4320dc196a9297432022-01-05 10:03:35.213root 11241100x80000000000000006962572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bf7bce4823284f2022-01-05 10:03:35.213root 11241100x80000000000000006962573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6a04b7bd349b232022-01-05 10:03:35.213root 11241100x80000000000000006962574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403c14d0477672542022-01-05 10:03:35.213root 11241100x80000000000000006962575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e6f2ee2e5f1a6a2022-01-05 10:03:35.213root 11241100x80000000000000006962576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c1f581f767862b2022-01-05 10:03:35.213root 11241100x80000000000000006962577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c80d83f08fc5382022-01-05 10:03:35.214root 11241100x80000000000000006962578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41680ce96be198792022-01-05 10:03:35.214root 11241100x80000000000000006962579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5dd53d261b2e952022-01-05 10:03:35.214root 11241100x80000000000000006962580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a8a2571abe3d9b2022-01-05 10:03:35.214root 11241100x80000000000000006962581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dac2bcc27497a622022-01-05 10:03:35.214root 11241100x80000000000000006962582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce4d91b21ea9b572022-01-05 10:03:35.214root 11241100x80000000000000006962583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2034af2eaaddc2b2022-01-05 10:03:35.214root 11241100x80000000000000006962584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8529ff346dc07762022-01-05 10:03:35.215root 11241100x80000000000000006962585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b530552f4b8cfe4a2022-01-05 10:03:35.215root 11241100x80000000000000006962586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8727641f0ab203e2022-01-05 10:03:35.215root 11241100x80000000000000006962587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fb997d35b6cf512022-01-05 10:03:35.215root 11241100x80000000000000006962588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1174045e4fc8722022-01-05 10:03:35.710root 11241100x80000000000000006962589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24efedee8dcc75192022-01-05 10:03:35.711root 11241100x80000000000000006962590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b563266368fd99862022-01-05 10:03:35.711root 11241100x80000000000000006962591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6d533868c4445c2022-01-05 10:03:35.711root 11241100x80000000000000006962592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4d77d935a7460d2022-01-05 10:03:35.711root 11241100x80000000000000006962593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ca0f8c2c613a782022-01-05 10:03:35.711root 11241100x80000000000000006962594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305132213976ec2a2022-01-05 10:03:35.711root 11241100x80000000000000006962595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fafe23850e690202022-01-05 10:03:35.711root 11241100x80000000000000006962596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4947d1df95a58d2022-01-05 10:03:35.711root 11241100x80000000000000006962597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9942e1a1f33a98a72022-01-05 10:03:35.711root 11241100x80000000000000006962598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8089f9327c93f182022-01-05 10:03:35.711root 11241100x80000000000000006962599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce1833bc727c94d2022-01-05 10:03:35.711root 11241100x80000000000000006962600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079d7187a5a93da62022-01-05 10:03:35.711root 11241100x80000000000000006962601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b80369c1f874e32022-01-05 10:03:35.711root 11241100x80000000000000006962602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7c8e491bdb091b2022-01-05 10:03:35.711root 11241100x80000000000000006962603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e8c322fca5fe252022-01-05 10:03:35.711root 11241100x80000000000000006962604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0ec547bb5ad5142022-01-05 10:03:35.712root 11241100x80000000000000006962605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c673c67da387137d2022-01-05 10:03:35.712root 11241100x80000000000000006962606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb7dbe10edad0632022-01-05 10:03:35.712root 11241100x80000000000000006962607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28354921bd5480372022-01-05 10:03:35.712root 11241100x80000000000000006962608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90292f586cbe2e02022-01-05 10:03:35.712root 11241100x80000000000000006962609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf270d6faefb7c62022-01-05 10:03:35.712root 11241100x80000000000000006962610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84280669204f00562022-01-05 10:03:35.712root 11241100x80000000000000006962611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f46943f68caa3122022-01-05 10:03:35.712root 11241100x80000000000000006962612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad65269f0a6899f2022-01-05 10:03:35.712root 11241100x80000000000000006962613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ced7155cf733f82022-01-05 10:03:35.712root 11241100x80000000000000006962614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87460fd6b93c07522022-01-05 10:03:35.712root 11241100x80000000000000006962615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8fd904efb5d9142022-01-05 10:03:35.712root 11241100x80000000000000006962616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d37632d5eca9cd2022-01-05 10:03:35.712root 11241100x80000000000000006962617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebb3d27232a2f3e2022-01-05 10:03:35.712root 11241100x80000000000000006962618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116c72b9d6b176da2022-01-05 10:03:35.712root 11241100x80000000000000006962619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db6d82e0d2047ec2022-01-05 10:03:35.712root 11241100x80000000000000006962620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68eb8db2e6936e82022-01-05 10:03:35.713root 11241100x80000000000000006962621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24188e7423c42b4e2022-01-05 10:03:35.713root 11241100x80000000000000006962622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670fe6a8bd7d0bd52022-01-05 10:03:35.713root 11241100x80000000000000006962623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6a930711fc68472022-01-05 10:03:35.713root 11241100x80000000000000006962624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:35.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd808609dee5fac2022-01-05 10:03:35.713root 11241100x80000000000000006962625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d83814e35e091772022-01-05 10:03:36.210root 11241100x80000000000000006962626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fbef2b4537cbf62022-01-05 10:03:36.211root 11241100x80000000000000006962627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcb117bcc1a3a612022-01-05 10:03:36.211root 11241100x80000000000000006962628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc87561df9e85102022-01-05 10:03:36.211root 11241100x80000000000000006962629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4054ac02a2b6c0202022-01-05 10:03:36.211root 11241100x80000000000000006962630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696569685e7c4b002022-01-05 10:03:36.211root 11241100x80000000000000006962631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386883c905407d6a2022-01-05 10:03:36.211root 11241100x80000000000000006962632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5f9573107819042022-01-05 10:03:36.211root 11241100x80000000000000006962633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c29b290f90c0c382022-01-05 10:03:36.211root 11241100x80000000000000006962634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f24a3a601e7ceb2022-01-05 10:03:36.211root 11241100x80000000000000006962635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6e9fc91705147e2022-01-05 10:03:36.211root 11241100x80000000000000006962636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97619ee51a875e612022-01-05 10:03:36.211root 11241100x80000000000000006962637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82e55cdb708dc702022-01-05 10:03:36.211root 11241100x80000000000000006962638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20805180883520c2022-01-05 10:03:36.211root 11241100x80000000000000006962639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a74e4d2789d7d02022-01-05 10:03:36.211root 11241100x80000000000000006962640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f805fbe2eb5113762022-01-05 10:03:36.211root 11241100x80000000000000006962641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bc00c262b444102022-01-05 10:03:36.212root 11241100x80000000000000006962642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d951b7acbe8f5062022-01-05 10:03:36.212root 11241100x80000000000000006962643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b6fe3345116ece2022-01-05 10:03:36.212root 11241100x80000000000000006962644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44793e120bc4d4ff2022-01-05 10:03:36.212root 11241100x80000000000000006962645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe955fc6622af0bd2022-01-05 10:03:36.212root 11241100x80000000000000006962646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8bf7b5d730b3692022-01-05 10:03:36.212root 11241100x80000000000000006962647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bfd7cbd457f36f2022-01-05 10:03:36.212root 11241100x80000000000000006962648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0edc6e16e6790a12022-01-05 10:03:36.212root 11241100x80000000000000006962649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad79ce0efcabbcb22022-01-05 10:03:36.212root 11241100x80000000000000006962650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e718e25ce7adfe4a2022-01-05 10:03:36.212root 11241100x80000000000000006962651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d427742a8082059d2022-01-05 10:03:36.212root 11241100x80000000000000006962652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af870e8b8049c77d2022-01-05 10:03:36.212root 11241100x80000000000000006962653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f65e6e10271b7ae2022-01-05 10:03:36.212root 11241100x80000000000000006962654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902dff018d11726e2022-01-05 10:03:36.212root 11241100x80000000000000006962655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1baac3d4c8fb28d92022-01-05 10:03:36.212root 11241100x80000000000000006962656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b240001b5229acd92022-01-05 10:03:36.212root 11241100x80000000000000006962657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c383106b541e10c82022-01-05 10:03:36.213root 11241100x80000000000000006962658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3450d46475c6e4db2022-01-05 10:03:36.213root 11241100x80000000000000006962659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea948146021375a2022-01-05 10:03:36.213root 11241100x80000000000000006962660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee397943e7420ae2022-01-05 10:03:36.213root 11241100x80000000000000006962661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8702f977459c432022-01-05 10:03:36.213root 11241100x80000000000000006962662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de389cb48a2a7d512022-01-05 10:03:36.710root 11241100x80000000000000006962663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31b600b7d2ef8642022-01-05 10:03:36.711root 11241100x80000000000000006962664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9508ac2b8e2e60792022-01-05 10:03:36.711root 11241100x80000000000000006962665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182a7865c0f509e92022-01-05 10:03:36.711root 11241100x80000000000000006962666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418b580fff96c5582022-01-05 10:03:36.711root 11241100x80000000000000006962667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60af3e711c75b3502022-01-05 10:03:36.711root 11241100x80000000000000006962668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb98e0666758db5e2022-01-05 10:03:36.711root 11241100x80000000000000006962669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600efab4d02340702022-01-05 10:03:36.711root 11241100x80000000000000006962670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b2c2d9f0da711f2022-01-05 10:03:36.711root 11241100x80000000000000006962671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae67abdb0f0aa602022-01-05 10:03:36.711root 11241100x80000000000000006962672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c338188a0b78512022-01-05 10:03:36.711root 11241100x80000000000000006962673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7113a931d7c980f02022-01-05 10:03:36.711root 11241100x80000000000000006962674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea52b5f39d47b2f2022-01-05 10:03:36.711root 11241100x80000000000000006962675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cf05a77fc66d972022-01-05 10:03:36.711root 11241100x80000000000000006962676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c50cc527b54da202022-01-05 10:03:36.711root 11241100x80000000000000006962677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c406ff9a75e5e91c2022-01-05 10:03:36.711root 11241100x80000000000000006962678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5765b2528702912022-01-05 10:03:36.712root 11241100x80000000000000006962679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa020d15d16994c2022-01-05 10:03:36.712root 11241100x80000000000000006962680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195be39dd32a38552022-01-05 10:03:36.712root 11241100x80000000000000006962681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e30f0727be2e162022-01-05 10:03:36.712root 11241100x80000000000000006962682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec8731cd17f063e2022-01-05 10:03:36.712root 11241100x80000000000000006962683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce6126b3ce221572022-01-05 10:03:36.712root 11241100x80000000000000006962684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f88a933746548d2022-01-05 10:03:36.712root 11241100x80000000000000006962685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54321cb6a256b6be2022-01-05 10:03:36.712root 11241100x80000000000000006962686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0824e1a037695a0a2022-01-05 10:03:36.713root 11241100x80000000000000006962687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9bd54109a94af22022-01-05 10:03:36.714root 11241100x80000000000000006962688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698ae175f9b0ec392022-01-05 10:03:36.714root 11241100x80000000000000006962689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f13aa8ca71a1cc2022-01-05 10:03:36.714root 11241100x80000000000000006962690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e920d871b19fb57b2022-01-05 10:03:36.714root 11241100x80000000000000006962691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c63a4895c8350732022-01-05 10:03:36.714root 11241100x80000000000000006962692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe7e30f852310542022-01-05 10:03:36.714root 11241100x80000000000000006962693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cc6a20d275550a2022-01-05 10:03:36.714root 11241100x80000000000000006962694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8735ad9ca8597b52022-01-05 10:03:36.714root 11241100x80000000000000006962695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cc6c2944befd702022-01-05 10:03:36.714root 11241100x80000000000000006962696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442ec3b5db943d972022-01-05 10:03:36.714root 11241100x80000000000000006962697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6be4efd3e37eeb2022-01-05 10:03:36.715root 11241100x80000000000000006962698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:36.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b9b82abf3c42c22022-01-05 10:03:36.715root 11241100x80000000000000006962699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca3be702ba82ca02022-01-05 10:03:37.210root 11241100x80000000000000006962700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b5063013f9f5a72022-01-05 10:03:37.211root 11241100x80000000000000006962701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6841d7899cc910c12022-01-05 10:03:37.211root 11241100x80000000000000006962702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06965bcdfbb6cea02022-01-05 10:03:37.211root 11241100x80000000000000006962703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c728eca57e5474a2022-01-05 10:03:37.211root 11241100x80000000000000006962704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67078aa30a14a452022-01-05 10:03:37.211root 11241100x80000000000000006962705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376dee1a111874d52022-01-05 10:03:37.211root 11241100x80000000000000006962706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df48f14509c95532022-01-05 10:03:37.211root 11241100x80000000000000006962707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b6bb9a4c38905a2022-01-05 10:03:37.211root 11241100x80000000000000006962708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c3510242e29f752022-01-05 10:03:37.211root 11241100x80000000000000006962709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816ee47ee2a56b6b2022-01-05 10:03:37.211root 11241100x80000000000000006962710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508fb119a364657d2022-01-05 10:03:37.211root 11241100x80000000000000006962711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f63c1fe32f92572022-01-05 10:03:37.211root 11241100x80000000000000006962712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c20d8c5b318be4d2022-01-05 10:03:37.211root 11241100x80000000000000006962713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1076c584618ea57d2022-01-05 10:03:37.211root 11241100x80000000000000006962714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8d763ae6bed0472022-01-05 10:03:37.211root 11241100x80000000000000006962715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf03564a8cac0eb2022-01-05 10:03:37.212root 11241100x80000000000000006962716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df931d00012c9532022-01-05 10:03:37.212root 11241100x80000000000000006962717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31039e2f085eedb2022-01-05 10:03:37.212root 11241100x80000000000000006962718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7ba7219f2d2eff2022-01-05 10:03:37.212root 11241100x80000000000000006962719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2269abb8d6ee0afc2022-01-05 10:03:37.212root 11241100x80000000000000006962720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9624b07078cec2d2022-01-05 10:03:37.212root 11241100x80000000000000006962721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15515fefed37aed2022-01-05 10:03:37.212root 11241100x80000000000000006962722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8839afc61691ad52022-01-05 10:03:37.212root 11241100x80000000000000006962723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd364068d881abfd2022-01-05 10:03:37.212root 11241100x80000000000000006962724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689dd152847022f72022-01-05 10:03:37.212root 11241100x80000000000000006962725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764540f1b348ff932022-01-05 10:03:37.212root 11241100x80000000000000006962726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe4128d8c6698262022-01-05 10:03:37.212root 11241100x80000000000000006962727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313cb3f75b98d2542022-01-05 10:03:37.212root 11241100x80000000000000006962728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ff6810941f000f2022-01-05 10:03:37.212root 11241100x80000000000000006962729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c06df0501c115c2022-01-05 10:03:37.212root 11241100x80000000000000006962730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67e88afec54005b2022-01-05 10:03:37.213root 11241100x80000000000000006962731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc5b4243d473efe2022-01-05 10:03:37.213root 11241100x80000000000000006962732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fadd13752d3096f2022-01-05 10:03:37.213root 11241100x80000000000000006962733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcc57845e5019362022-01-05 10:03:37.213root 11241100x80000000000000006962734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2af0003f7988512022-01-05 10:03:37.213root 11241100x80000000000000006962735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5385b638de83a5d2022-01-05 10:03:37.213root 11241100x80000000000000006962736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae58cc2a1015b5852022-01-05 10:03:37.710root 11241100x80000000000000006962737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4421188d529d1a2022-01-05 10:03:37.711root 11241100x80000000000000006962738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f54b9580eb1238c2022-01-05 10:03:37.711root 11241100x80000000000000006962739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108f7d624120c7f82022-01-05 10:03:37.711root 11241100x80000000000000006962740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290a798f873beaf92022-01-05 10:03:37.711root 11241100x80000000000000006962741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce5285a9b51139b2022-01-05 10:03:37.711root 11241100x80000000000000006962742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b641bce46dbf202022-01-05 10:03:37.711root 11241100x80000000000000006962743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5419bc629e806a2022-01-05 10:03:37.711root 11241100x80000000000000006962744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72672d95c119050f2022-01-05 10:03:37.711root 11241100x80000000000000006962745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479eb965b6b62eb02022-01-05 10:03:37.711root 11241100x80000000000000006962746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bb7f2360bf9ab22022-01-05 10:03:37.711root 11241100x80000000000000006962747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85e548fdd8ed8a72022-01-05 10:03:37.711root 11241100x80000000000000006962748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d8674800cccc2b2022-01-05 10:03:37.711root 11241100x80000000000000006962749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87b06ae408a3b362022-01-05 10:03:37.711root 11241100x80000000000000006962750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfc26d3cee5532b2022-01-05 10:03:37.711root 11241100x80000000000000006962751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155e780c94e732a72022-01-05 10:03:37.712root 11241100x80000000000000006962752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6cf138b9b33da72022-01-05 10:03:37.712root 11241100x80000000000000006962753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071e20a8c79399652022-01-05 10:03:37.712root 11241100x80000000000000006962754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f666b947ae75c6c2022-01-05 10:03:37.712root 11241100x80000000000000006962755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d621271702853c2022-01-05 10:03:37.712root 11241100x80000000000000006962756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac380cb116bd40d2022-01-05 10:03:37.712root 11241100x80000000000000006962757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bcd155ce122f3d2022-01-05 10:03:37.712root 11241100x80000000000000006962758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef4a1ce59d73cde2022-01-05 10:03:37.712root 11241100x80000000000000006962759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127b775f711d0b3c2022-01-05 10:03:37.712root 11241100x80000000000000006962760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5018b2f87d5bc9b2022-01-05 10:03:37.712root 11241100x80000000000000006962761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb799a9cb3de673d2022-01-05 10:03:37.712root 11241100x80000000000000006962762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbacf268a88b76802022-01-05 10:03:37.712root 11241100x80000000000000006962763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28de9fac467d00a2022-01-05 10:03:37.712root 11241100x80000000000000006962764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bccd72d743fb772022-01-05 10:03:37.712root 11241100x80000000000000006962765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edc55885ed351442022-01-05 10:03:37.712root 11241100x80000000000000006962766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb5fe52399f46f72022-01-05 10:03:37.712root 11241100x80000000000000006962767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feef6277a50cb3632022-01-05 10:03:37.713root 11241100x80000000000000006962768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66ad2e41ddc6d1f2022-01-05 10:03:37.713root 11241100x80000000000000006962769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8a6dc85f2fb13b2022-01-05 10:03:37.713root 11241100x80000000000000006962770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8dfed070db33162022-01-05 10:03:37.713root 11241100x80000000000000006962771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f2c5c4f0c70a4d2022-01-05 10:03:37.713root 11241100x80000000000000006962772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:37.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44df07ad7388e2ef2022-01-05 10:03:37.713root 11241100x80000000000000006962773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75ac3196263ec822022-01-05 10:03:38.211root 11241100x80000000000000006962774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c156be99c83f7dc52022-01-05 10:03:38.211root 11241100x80000000000000006962775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4154cb4a5691b5b92022-01-05 10:03:38.211root 11241100x80000000000000006962776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b07a5759e0bfe772022-01-05 10:03:38.211root 11241100x80000000000000006962777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca4aa7cd85751f72022-01-05 10:03:38.211root 11241100x80000000000000006962778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55a489651aca7652022-01-05 10:03:38.211root 11241100x80000000000000006962779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e69fba7a5653d62022-01-05 10:03:38.211root 11241100x80000000000000006962780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9f4a5e921ae2462022-01-05 10:03:38.211root 11241100x80000000000000006962781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afae448bb93f01482022-01-05 10:03:38.211root 11241100x80000000000000006962782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8896f48a1b2b4a942022-01-05 10:03:38.211root 11241100x80000000000000006962783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80798f4f3ab491c42022-01-05 10:03:38.211root 11241100x80000000000000006962784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e83bf07a4eefe0f2022-01-05 10:03:38.211root 11241100x80000000000000006962785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15705e3a463955b2022-01-05 10:03:38.211root 11241100x80000000000000006962786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2e499ae2ebe6212022-01-05 10:03:38.211root 11241100x80000000000000006962787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f740239f667f5a4b2022-01-05 10:03:38.212root 11241100x80000000000000006962788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6471b1fac71ae1ff2022-01-05 10:03:38.212root 11241100x80000000000000006962789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9bae22408560302022-01-05 10:03:38.212root 11241100x80000000000000006962790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650f8a7bc33e0fbd2022-01-05 10:03:38.212root 11241100x80000000000000006962791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab72e5ac92cfebd2022-01-05 10:03:38.212root 11241100x80000000000000006962792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae45abc7fb369282022-01-05 10:03:38.212root 11241100x80000000000000006962793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d58480b3cbc76f72022-01-05 10:03:38.212root 11241100x80000000000000006962794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6349b5a4030dc02022-01-05 10:03:38.212root 11241100x80000000000000006962795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9fb2a204919bcd2022-01-05 10:03:38.212root 11241100x80000000000000006962796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e0acef63108a3d2022-01-05 10:03:38.212root 11241100x80000000000000006962797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c01ff8883d10fd22022-01-05 10:03:38.212root 11241100x80000000000000006962798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2137495cf7ba86a2022-01-05 10:03:38.212root 11241100x80000000000000006962799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0bf7f0da9afee82022-01-05 10:03:38.212root 11241100x80000000000000006962800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29e59923ed47b5c2022-01-05 10:03:38.213root 11241100x80000000000000006962801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f60b05bf9dad9a32022-01-05 10:03:38.213root 11241100x80000000000000006962802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6892d89248acf1992022-01-05 10:03:38.213root 11241100x80000000000000006962803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d54e49032fa0422022-01-05 10:03:38.213root 11241100x80000000000000006962804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b314050f8855d4762022-01-05 10:03:38.213root 11241100x80000000000000006962805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0cf4354c5346de2022-01-05 10:03:38.213root 11241100x80000000000000006962806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219e211e8a35e36d2022-01-05 10:03:38.214root 11241100x80000000000000006962807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef93d6c37e9380d2022-01-05 10:03:38.214root 11241100x80000000000000006962808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690e6d7011ecdc502022-01-05 10:03:38.214root 11241100x80000000000000006962809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22aedfbb780c93e2022-01-05 10:03:38.214root 11241100x80000000000000006962810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7874787233f00a772022-01-05 10:03:38.710root 11241100x80000000000000006962811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc341ddaefd24072022-01-05 10:03:38.711root 11241100x80000000000000006962812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4a734e68f296562022-01-05 10:03:38.711root 11241100x80000000000000006962813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32df883db7c7981b2022-01-05 10:03:38.711root 11241100x80000000000000006962814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df760b969aad59dd2022-01-05 10:03:38.712root 11241100x80000000000000006962815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e480d47a52fb9932022-01-05 10:03:38.712root 11241100x80000000000000006962816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fee39e9cdb64d82022-01-05 10:03:38.712root 11241100x80000000000000006962817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b675586e6e58ad322022-01-05 10:03:38.712root 11241100x80000000000000006962818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39c3366ef19676b2022-01-05 10:03:38.712root 11241100x80000000000000006962819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d88d9b70c27f932022-01-05 10:03:38.713root 11241100x80000000000000006962820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7936b139901fc1922022-01-05 10:03:38.713root 11241100x80000000000000006962821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9febf209ab2c9e4c2022-01-05 10:03:38.713root 11241100x80000000000000006962822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2b37e67ca1104c2022-01-05 10:03:38.713root 11241100x80000000000000006962823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cad60f05d843142022-01-05 10:03:38.714root 11241100x80000000000000006962824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083e9cee647321772022-01-05 10:03:38.714root 11241100x80000000000000006962825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f750e6bfc9e6e9f42022-01-05 10:03:38.714root 11241100x80000000000000006962826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4465c7f15362b262022-01-05 10:03:38.714root 11241100x80000000000000006962827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f164bc4ed796b972022-01-05 10:03:38.715root 11241100x80000000000000006962828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0e74c70c9b1c152022-01-05 10:03:38.715root 11241100x80000000000000006962829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6521ab58025e002022-01-05 10:03:38.715root 11241100x80000000000000006962830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8411a41c4c7b282022-01-05 10:03:38.715root 11241100x80000000000000006962831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f715cd60c31ffc8b2022-01-05 10:03:38.716root 11241100x80000000000000006962832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7913c2807211c12022-01-05 10:03:38.716root 11241100x80000000000000006962833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db6faf5a208432c2022-01-05 10:03:38.716root 11241100x80000000000000006962834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2e0adf2e31d4a82022-01-05 10:03:38.716root 11241100x80000000000000006962835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc933151dac65502022-01-05 10:03:38.716root 11241100x80000000000000006962836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3f19b1c162da972022-01-05 10:03:38.717root 11241100x80000000000000006962837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee193562dd264fa2022-01-05 10:03:38.717root 11241100x80000000000000006962838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178ac28c205c37162022-01-05 10:03:38.717root 11241100x80000000000000006962839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24052d05209f831e2022-01-05 10:03:38.717root 11241100x80000000000000006962840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9e4fa8d09595242022-01-05 10:03:38.718root 11241100x80000000000000006962841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0b10601b5f73452022-01-05 10:03:38.718root 11241100x80000000000000006962842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb7dcd0489a936b2022-01-05 10:03:38.718root 11241100x80000000000000006962843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4ce27b45b693382022-01-05 10:03:38.718root 11241100x80000000000000006962844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6af5a5bfff9b3642022-01-05 10:03:38.718root 11241100x80000000000000006962845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e307a264bab2beea2022-01-05 10:03:38.719root 11241100x80000000000000006962846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:38.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac59adeae700bf62022-01-05 10:03:38.719root 11241100x80000000000000006962847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839044dd5ccd9b292022-01-05 10:03:39.211root 11241100x80000000000000006962848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408bcb9ebde378952022-01-05 10:03:39.211root 11241100x80000000000000006962849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8516e08512899b2022-01-05 10:03:39.211root 11241100x80000000000000006962850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723e3fe9374272ba2022-01-05 10:03:39.211root 11241100x80000000000000006962851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde343e33be46a162022-01-05 10:03:39.212root 11241100x80000000000000006962852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912ce49dbae77cdd2022-01-05 10:03:39.212root 11241100x80000000000000006962853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e007551495571592022-01-05 10:03:39.212root 11241100x80000000000000006962854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153c790594c44f472022-01-05 10:03:39.212root 11241100x80000000000000006962855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1fae4762e7a5f52022-01-05 10:03:39.212root 11241100x80000000000000006962856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7ccaa4e42844b22022-01-05 10:03:39.212root 11241100x80000000000000006962857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed985bb7bd5b05232022-01-05 10:03:39.213root 11241100x80000000000000006962858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b58a17cb46800272022-01-05 10:03:39.213root 11241100x80000000000000006962859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863fdff94cc5b6f12022-01-05 10:03:39.213root 11241100x80000000000000006962860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516a9c0df4add8b02022-01-05 10:03:39.213root 11241100x80000000000000006962861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb486fcde390f522022-01-05 10:03:39.214root 11241100x80000000000000006962862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06aedebde267b672022-01-05 10:03:39.214root 11241100x80000000000000006962863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e93f80d74ef160f2022-01-05 10:03:39.214root 11241100x80000000000000006962864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feb968ded7d99e82022-01-05 10:03:39.214root 11241100x80000000000000006962865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fde4b96ae2da4c72022-01-05 10:03:39.214root 11241100x80000000000000006962866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b073ece596bfbd92022-01-05 10:03:39.214root 11241100x80000000000000006962867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f2ae44daae5bff2022-01-05 10:03:39.215root 11241100x80000000000000006962868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182a6011e2bcf1152022-01-05 10:03:39.215root 11241100x80000000000000006962869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26c5fee54e7c9052022-01-05 10:03:39.215root 11241100x80000000000000006962870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1032a87d21c954982022-01-05 10:03:39.215root 11241100x80000000000000006962871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7d5c68a9b8de7a2022-01-05 10:03:39.215root 11241100x80000000000000006962872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d556956f9ac7b6502022-01-05 10:03:39.215root 11241100x80000000000000006962873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3bcedb6ddeb2ec2022-01-05 10:03:39.215root 11241100x80000000000000006962874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2880ae10ebe3da52022-01-05 10:03:39.215root 11241100x80000000000000006962875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b34e219aa43d0bf2022-01-05 10:03:39.215root 11241100x80000000000000006962876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7176db4cd35e3022022-01-05 10:03:39.215root 11241100x80000000000000006962877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae6833a321b83fe2022-01-05 10:03:39.216root 11241100x80000000000000006962878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932a19d27af864ac2022-01-05 10:03:39.216root 11241100x80000000000000006962879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1e7d4bb6ec4a4e2022-01-05 10:03:39.216root 11241100x80000000000000006962880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c02c6a056eb03482022-01-05 10:03:39.216root 11241100x80000000000000006962881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d099acb2b31cb3032022-01-05 10:03:39.216root 11241100x80000000000000006962882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581685856c42650a2022-01-05 10:03:39.216root 11241100x80000000000000006962883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867dd4306197319b2022-01-05 10:03:39.216root 354300x80000000000000006962884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.235{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41738-false10.0.1.12-8000- 11241100x80000000000000006962885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7e22c9a912a5292022-01-05 10:03:39.710root 11241100x80000000000000006962886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b1380ecce35eb22022-01-05 10:03:39.711root 11241100x80000000000000006962887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e4a4ed592ef92e2022-01-05 10:03:39.711root 11241100x80000000000000006962888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3dcdb1269742e42022-01-05 10:03:39.711root 11241100x80000000000000006962889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec4415f398078162022-01-05 10:03:39.711root 11241100x80000000000000006962890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cf705e315de48e2022-01-05 10:03:39.711root 11241100x80000000000000006962891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f714f9585033d4de2022-01-05 10:03:39.711root 11241100x80000000000000006962892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e305a518ffeb98982022-01-05 10:03:39.711root 11241100x80000000000000006962893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9805eddc3ee578132022-01-05 10:03:39.711root 11241100x80000000000000006962894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0935cb7e9671d28b2022-01-05 10:03:39.711root 11241100x80000000000000006962895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1f986ef378a8c92022-01-05 10:03:39.711root 11241100x80000000000000006962896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358facd7e7a202242022-01-05 10:03:39.711root 11241100x80000000000000006962897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32a2ecfff0a933d2022-01-05 10:03:39.711root 11241100x80000000000000006962898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1e27bfb06ed4f42022-01-05 10:03:39.711root 11241100x80000000000000006962899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3460e52d13af47c02022-01-05 10:03:39.711root 11241100x80000000000000006962900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5719c9d27897952022-01-05 10:03:39.711root 11241100x80000000000000006962901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1b7c0c6c8d41962022-01-05 10:03:39.712root 11241100x80000000000000006962902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e2409948621e5e2022-01-05 10:03:39.712root 11241100x80000000000000006962903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8b265d1545aa582022-01-05 10:03:39.712root 11241100x80000000000000006962904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7645b11ba303242022-01-05 10:03:39.712root 11241100x80000000000000006962905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7272c6dbbc147232022-01-05 10:03:39.712root 11241100x80000000000000006962906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d95030b757f53fd2022-01-05 10:03:39.712root 11241100x80000000000000006962907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd74be2a238b5362022-01-05 10:03:39.712root 11241100x80000000000000006962908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe09a9379b16b352022-01-05 10:03:39.712root 11241100x80000000000000006962909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4040d6fa57071dc22022-01-05 10:03:39.712root 11241100x80000000000000006962910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d43da9d610654b2022-01-05 10:03:39.712root 11241100x80000000000000006962911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc79d6860b1bc552022-01-05 10:03:39.712root 11241100x80000000000000006962912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8073bd8af113ecce2022-01-05 10:03:39.712root 11241100x80000000000000006962913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0d65e6a92d1b892022-01-05 10:03:39.712root 11241100x80000000000000006962914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c02cdf98722e9f42022-01-05 10:03:39.712root 11241100x80000000000000006962915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674acd1f8d223ef42022-01-05 10:03:39.712root 11241100x80000000000000006962916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585481436f1e39632022-01-05 10:03:39.712root 11241100x80000000000000006962917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951f8a8cbd202b932022-01-05 10:03:39.714root 11241100x80000000000000006962918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77735ab7da06a58d2022-01-05 10:03:39.714root 11241100x80000000000000006962919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128a2056bc71d59b2022-01-05 10:03:39.714root 11241100x80000000000000006962920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cbe00ae93cd82b2022-01-05 10:03:39.714root 11241100x80000000000000006962921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eeac6859114a4742022-01-05 10:03:39.714root 11241100x80000000000000006962922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cead94ba600293cf2022-01-05 10:03:39.714root 11241100x80000000000000006962923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669aa4fa20f36bef2022-01-05 10:03:40.211root 11241100x80000000000000006962924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47419f695f9cb3a72022-01-05 10:03:40.211root 11241100x80000000000000006962925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502c99953ba942672022-01-05 10:03:40.212root 11241100x80000000000000006962926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecccefc4f57312c32022-01-05 10:03:40.212root 11241100x80000000000000006962927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7aad56d330db9d2022-01-05 10:03:40.212root 11241100x80000000000000006962928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66330590e862ed632022-01-05 10:03:40.212root 11241100x80000000000000006962929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c54b0b43da86792022-01-05 10:03:40.212root 11241100x80000000000000006962930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e370fa4016784a92022-01-05 10:03:40.212root 11241100x80000000000000006962931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b3b58564e875fb2022-01-05 10:03:40.212root 11241100x80000000000000006962932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59458d2ab96984b2022-01-05 10:03:40.212root 11241100x80000000000000006962933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c33a6b551e18692022-01-05 10:03:40.212root 11241100x80000000000000006962934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a70793ea943fc62022-01-05 10:03:40.212root 11241100x80000000000000006962935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca17f5f4c91df2a42022-01-05 10:03:40.212root 11241100x80000000000000006962936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef47dd0b921449972022-01-05 10:03:40.213root 11241100x80000000000000006962937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7694afbcda37f612022-01-05 10:03:40.213root 11241100x80000000000000006962938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ef1da5a13959902022-01-05 10:03:40.213root 11241100x80000000000000006962939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f648135ee38016152022-01-05 10:03:40.213root 11241100x80000000000000006962940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e33198d7c04abd2022-01-05 10:03:40.213root 11241100x80000000000000006962941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3851c43786a40cdc2022-01-05 10:03:40.213root 11241100x80000000000000006962942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f304f92715697d2022-01-05 10:03:40.213root 11241100x80000000000000006962943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57409f8547b76132022-01-05 10:03:40.213root 11241100x80000000000000006962944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ea6f6ed5b214792022-01-05 10:03:40.213root 11241100x80000000000000006962945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1032f184cc7fb62022-01-05 10:03:40.213root 11241100x80000000000000006962946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37871d8ce511a49a2022-01-05 10:03:40.213root 11241100x80000000000000006962947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8dc24a96d1a3812022-01-05 10:03:40.213root 11241100x80000000000000006962948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792a4b4a87482fde2022-01-05 10:03:40.214root 11241100x80000000000000006962949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21154291c2f2a17a2022-01-05 10:03:40.214root 11241100x80000000000000006962950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4686e198204d132022-01-05 10:03:40.214root 11241100x80000000000000006962951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd420ccb1d7608ec2022-01-05 10:03:40.214root 11241100x80000000000000006962952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfeb5a72a09bfa92022-01-05 10:03:40.214root 11241100x80000000000000006962953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e43581343367dd02022-01-05 10:03:40.214root 11241100x80000000000000006962954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5beee9981d4b29a2022-01-05 10:03:40.214root 11241100x80000000000000006962955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf5fee7dc48ba692022-01-05 10:03:40.214root 11241100x80000000000000006962956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd15dd903421fd092022-01-05 10:03:40.214root 11241100x80000000000000006962957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b226b06a72e99852022-01-05 10:03:40.214root 11241100x80000000000000006962958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d999f643febc66032022-01-05 10:03:40.215root 11241100x80000000000000006962959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90ced331a0a34dd2022-01-05 10:03:40.215root 11241100x80000000000000006962960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade8bea8bf5da4492022-01-05 10:03:40.215root 11241100x80000000000000006962961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ecb8a12312755c2022-01-05 10:03:40.711root 11241100x80000000000000006962962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6575ce37b6d97b2022-01-05 10:03:40.711root 11241100x80000000000000006962963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770a019e9bfffc1a2022-01-05 10:03:40.711root 11241100x80000000000000006962964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339da268694b2a142022-01-05 10:03:40.711root 11241100x80000000000000006962965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365e1dc1f2c076672022-01-05 10:03:40.711root 11241100x80000000000000006962966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f856a3962abce3392022-01-05 10:03:40.711root 11241100x80000000000000006962967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab400e4fa5251d0d2022-01-05 10:03:40.711root 11241100x80000000000000006962968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1486d9c800cb24a2022-01-05 10:03:40.711root 11241100x80000000000000006962969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6764e8dcb7ffd0112022-01-05 10:03:40.711root 11241100x80000000000000006962970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cb9182683d7b9d2022-01-05 10:03:40.711root 11241100x80000000000000006962971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009735f2292c1bae2022-01-05 10:03:40.711root 11241100x80000000000000006962972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ae27f620372b042022-01-05 10:03:40.711root 11241100x80000000000000006962973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1059d39ca350f7c22022-01-05 10:03:40.711root 11241100x80000000000000006962974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c955d6268a159482022-01-05 10:03:40.711root 11241100x80000000000000006962975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbce1233ff9f018f2022-01-05 10:03:40.712root 11241100x80000000000000006962976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df6b9075d36fff82022-01-05 10:03:40.712root 11241100x80000000000000006962977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9631cf8468a7f42022-01-05 10:03:40.712root 11241100x80000000000000006962978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fef14131b9071a2022-01-05 10:03:40.712root 11241100x80000000000000006962979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94bc04deb00f5082022-01-05 10:03:40.712root 11241100x80000000000000006962980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efd690a9aec97d12022-01-05 10:03:40.712root 11241100x80000000000000006962981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df696a6e85287882022-01-05 10:03:40.712root 11241100x80000000000000006962982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2440603c1f310fa52022-01-05 10:03:40.712root 11241100x80000000000000006962983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a7d2ab376bd1d72022-01-05 10:03:40.712root 11241100x80000000000000006962984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb4be2b45dcbc452022-01-05 10:03:40.712root 11241100x80000000000000006962985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5343fbfd0360d0262022-01-05 10:03:40.712root 11241100x80000000000000006962986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce01cf4f6e4670f02022-01-05 10:03:40.712root 11241100x80000000000000006962987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20819e0b9f1a37d92022-01-05 10:03:40.713root 11241100x80000000000000006962988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03052890933c93712022-01-05 10:03:40.713root 11241100x80000000000000006962989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bcbe94f7b98d6a2022-01-05 10:03:40.713root 11241100x80000000000000006962990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45455753f7f2a8fc2022-01-05 10:03:40.713root 11241100x80000000000000006962991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcc16c2689513952022-01-05 10:03:40.713root 11241100x80000000000000006962992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5399bb4d4dfa49ea2022-01-05 10:03:40.713root 11241100x80000000000000006962993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9204be4d3b9a4b562022-01-05 10:03:40.713root 11241100x80000000000000006962994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc6a1ecec60c40d2022-01-05 10:03:40.713root 11241100x80000000000000006962995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55304cade5613fb22022-01-05 10:03:40.713root 11241100x80000000000000006962996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a10b64f49bf1562022-01-05 10:03:40.714root 11241100x80000000000000006962997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6a66d4be8e0ccd2022-01-05 10:03:40.714root 11241100x80000000000000006962998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cf171cb754b89d2022-01-05 10:03:40.714root 11241100x80000000000000006962999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289a4450710148632022-01-05 10:03:41.211root 11241100x80000000000000006963000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3833d7b2fac52b2022-01-05 10:03:41.211root 11241100x80000000000000006963001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a33b270b553c40f2022-01-05 10:03:41.211root 11241100x80000000000000006963002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced2a23caae9d6162022-01-05 10:03:41.211root 11241100x80000000000000006963003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a40690a1fb622ed2022-01-05 10:03:41.211root 11241100x80000000000000006963004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fccb17a6e959e112022-01-05 10:03:41.211root 11241100x80000000000000006963005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7d71c0ef5a3e3d2022-01-05 10:03:41.211root 11241100x80000000000000006963006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc6daf44a4caf442022-01-05 10:03:41.211root 11241100x80000000000000006963007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753a53bba63e67d82022-01-05 10:03:41.211root 11241100x80000000000000006963008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ff387b8c0a6c742022-01-05 10:03:41.211root 11241100x80000000000000006963009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8cdde33e60e3af2022-01-05 10:03:41.212root 11241100x80000000000000006963010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6ed7616ff0094d2022-01-05 10:03:41.212root 11241100x80000000000000006963011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d712d907de25c91a2022-01-05 10:03:41.212root 11241100x80000000000000006963012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f101df8e02667d2022-01-05 10:03:41.212root 11241100x80000000000000006963013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1753573c60de04d22022-01-05 10:03:41.212root 11241100x80000000000000006963014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec67392782e3ef452022-01-05 10:03:41.212root 11241100x80000000000000006963015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e1d95cac54a5162022-01-05 10:03:41.212root 11241100x80000000000000006963016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f767d1d7726651a52022-01-05 10:03:41.212root 11241100x80000000000000006963017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47ed2bbf10b23b42022-01-05 10:03:41.212root 11241100x80000000000000006963018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3140eb88ec2c5f1d2022-01-05 10:03:41.212root 11241100x80000000000000006963019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22bbfec244658d72022-01-05 10:03:41.212root 11241100x80000000000000006963020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f22a6e9fb7aa712022-01-05 10:03:41.212root 11241100x80000000000000006963021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a83bdc76c4bbb072022-01-05 10:03:41.212root 11241100x80000000000000006963022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697423117ceb74392022-01-05 10:03:41.212root 11241100x80000000000000006963023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6736e317889b6d2022-01-05 10:03:41.212root 11241100x80000000000000006963024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f10754330782102022-01-05 10:03:41.213root 11241100x80000000000000006963025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1efee36e4806e4f2022-01-05 10:03:41.213root 11241100x80000000000000006963026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d571d36472b6f562022-01-05 10:03:41.213root 11241100x80000000000000006963027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78096cc9d4363712022-01-05 10:03:41.213root 11241100x80000000000000006963028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1c9d25062fd5882022-01-05 10:03:41.213root 11241100x80000000000000006963029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc469ada095090972022-01-05 10:03:41.213root 11241100x80000000000000006963030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96728348764416432022-01-05 10:03:41.213root 11241100x80000000000000006963031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592dd0b364fbe3492022-01-05 10:03:41.213root 11241100x80000000000000006963032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a114103d7354eede2022-01-05 10:03:41.213root 11241100x80000000000000006963033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bbe694212da7752022-01-05 10:03:41.214root 11241100x80000000000000006963034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad02136ed212e2c62022-01-05 10:03:41.214root 11241100x80000000000000006963035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3fed1e988b3aa42022-01-05 10:03:41.214root 11241100x80000000000000006963036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12de2770265d123e2022-01-05 10:03:41.214root 11241100x80000000000000006963037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17575d093a918df2022-01-05 10:03:41.711root 11241100x80000000000000006963038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bb24da631ad2622022-01-05 10:03:41.711root 11241100x80000000000000006963039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80fcd1cd6941dd42022-01-05 10:03:41.711root 11241100x80000000000000006963040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610ee1149ebd29402022-01-05 10:03:41.711root 11241100x80000000000000006963041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e21c63281558ca2022-01-05 10:03:41.711root 11241100x80000000000000006963042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8505dfe0724c8bb22022-01-05 10:03:41.711root 11241100x80000000000000006963043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d67f10d7d82dc692022-01-05 10:03:41.711root 11241100x80000000000000006963044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cda9cb7aa34b4b2022-01-05 10:03:41.711root 11241100x80000000000000006963045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c130f978687bdb62022-01-05 10:03:41.712root 11241100x80000000000000006963046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9002efa88e17192022-01-05 10:03:41.712root 11241100x80000000000000006963047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39143c89d31d3a3b2022-01-05 10:03:41.712root 11241100x80000000000000006963048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca970f8bb6e9bcf2022-01-05 10:03:41.712root 11241100x80000000000000006963049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c7627dd0cbf7142022-01-05 10:03:41.712root 11241100x80000000000000006963050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9e338e4edb07a82022-01-05 10:03:41.712root 11241100x80000000000000006963051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec6f8cdcd9ad8212022-01-05 10:03:41.712root 11241100x80000000000000006963052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f352bbf4ffdc64842022-01-05 10:03:41.712root 11241100x80000000000000006963053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa19d719d9b66f92022-01-05 10:03:41.712root 11241100x80000000000000006963054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42554b5e9deab36b2022-01-05 10:03:41.712root 11241100x80000000000000006963055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e64181dd08ee5f12022-01-05 10:03:41.712root 11241100x80000000000000006963056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15e844033272a222022-01-05 10:03:41.712root 11241100x80000000000000006963057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f261a2c3e5ed44d2022-01-05 10:03:41.713root 11241100x80000000000000006963058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8a6f936c5df6b72022-01-05 10:03:41.713root 11241100x80000000000000006963059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a455719da9a8172022-01-05 10:03:41.713root 11241100x80000000000000006963060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed696a002734b4de2022-01-05 10:03:41.713root 11241100x80000000000000006963061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86106c5c5d37cfd42022-01-05 10:03:41.713root 11241100x80000000000000006963062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56e603803f540e42022-01-05 10:03:41.713root 11241100x80000000000000006963063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0098a024b73754cf2022-01-05 10:03:41.713root 11241100x80000000000000006963064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfcc4dbaae055432022-01-05 10:03:41.713root 11241100x80000000000000006963065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570b86cc43270cad2022-01-05 10:03:41.713root 11241100x80000000000000006963066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d504579fd5fbb962022-01-05 10:03:41.713root 11241100x80000000000000006963067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab08bde3adb22572022-01-05 10:03:41.713root 11241100x80000000000000006963068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd599a3780648fa2022-01-05 10:03:41.713root 11241100x80000000000000006963069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93654ce1665f07412022-01-05 10:03:41.713root 11241100x80000000000000006963070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb37587e44bcee22022-01-05 10:03:41.713root 11241100x80000000000000006963071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8350371a96fd83f62022-01-05 10:03:41.713root 11241100x80000000000000006963072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d911d449e2d9b4c2022-01-05 10:03:41.714root 11241100x80000000000000006963073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75929ae2f7a4d1a32022-01-05 10:03:41.714root 11241100x80000000000000006963074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d861655e0a140c492022-01-05 10:03:41.714root 11241100x80000000000000006963075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d50f57ad11e84622022-01-05 10:03:42.211root 11241100x80000000000000006963076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bc38badc309bc42022-01-05 10:03:42.211root 11241100x80000000000000006963077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f85a3f705c488262022-01-05 10:03:42.211root 11241100x80000000000000006963078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ff0bbf4f590b772022-01-05 10:03:42.211root 11241100x80000000000000006963079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5bab1f2f05c77a2022-01-05 10:03:42.211root 11241100x80000000000000006963080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f349af9c6b060f52022-01-05 10:03:42.211root 11241100x80000000000000006963081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7526d09f8fa08f9c2022-01-05 10:03:42.211root 11241100x80000000000000006963082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c848d200f2ebbe22022-01-05 10:03:42.211root 11241100x80000000000000006963083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b27f3ad767f72e92022-01-05 10:03:42.211root 11241100x80000000000000006963084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241eded2423d2e6d2022-01-05 10:03:42.211root 11241100x80000000000000006963085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0490c5279508d5612022-01-05 10:03:42.211root 11241100x80000000000000006963086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040594aebe010da12022-01-05 10:03:42.211root 11241100x80000000000000006963087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fad65730c242c5d2022-01-05 10:03:42.212root 11241100x80000000000000006963088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c690f29a714e242022-01-05 10:03:42.212root 11241100x80000000000000006963089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9edb242d002c8a2022-01-05 10:03:42.212root 11241100x80000000000000006963090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0008e8f1a3781a8b2022-01-05 10:03:42.212root 11241100x80000000000000006963091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c891f5ec82ed722022-01-05 10:03:42.212root 11241100x80000000000000006963092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b67705db90a61b2022-01-05 10:03:42.212root 11241100x80000000000000006963093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edd33f4bc590a572022-01-05 10:03:42.212root 11241100x80000000000000006963094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebee69ae041a0ed82022-01-05 10:03:42.212root 11241100x80000000000000006963095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc14b7cf82c4b8372022-01-05 10:03:42.212root 11241100x80000000000000006963096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b58099b75fa09872022-01-05 10:03:42.212root 11241100x80000000000000006963097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c613a5c8c9a143ad2022-01-05 10:03:42.212root 11241100x80000000000000006963098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bebcef199b90b4b2022-01-05 10:03:42.212root 11241100x80000000000000006963099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba745509cbc9e0e2022-01-05 10:03:42.212root 11241100x80000000000000006963100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59d4c1062f115052022-01-05 10:03:42.212root 11241100x80000000000000006963101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8098005b5a5dc32022-01-05 10:03:42.212root 11241100x80000000000000006963102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b473a635df6ea35b2022-01-05 10:03:42.212root 11241100x80000000000000006963103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d3588cd9280e272022-01-05 10:03:42.213root 11241100x80000000000000006963104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b042850f5092b74e2022-01-05 10:03:42.213root 11241100x80000000000000006963105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70465014790696292022-01-05 10:03:42.213root 11241100x80000000000000006963106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d41f4cfe2f542b82022-01-05 10:03:42.213root 11241100x80000000000000006963107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a407bb86344a9a32022-01-05 10:03:42.213root 11241100x80000000000000006963108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adc631e50f92bb42022-01-05 10:03:42.213root 11241100x80000000000000006963109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b51a3fc3838ba702022-01-05 10:03:42.213root 11241100x80000000000000006963110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa242d0e13704fba2022-01-05 10:03:42.213root 11241100x80000000000000006963111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d80235552e9fe72022-01-05 10:03:42.213root 11241100x80000000000000006963112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d5f2c823b103df2022-01-05 10:03:42.213root 11241100x80000000000000006963113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7c5122728c2a6a2022-01-05 10:03:42.710root 11241100x80000000000000006963114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1220e39f82c4f9d2022-01-05 10:03:42.711root 11241100x80000000000000006963115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf934d62a348620f2022-01-05 10:03:42.711root 11241100x80000000000000006963116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a669ebe1382772922022-01-05 10:03:42.711root 11241100x80000000000000006963117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5d0a3cb607365a2022-01-05 10:03:42.711root 11241100x80000000000000006963118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ae7e8e4b3300ac2022-01-05 10:03:42.711root 11241100x80000000000000006963119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac24f3c2245813e2022-01-05 10:03:42.711root 11241100x80000000000000006963120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb25d34eebee97272022-01-05 10:03:42.711root 11241100x80000000000000006963121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b237fa0f4cd56de2022-01-05 10:03:42.711root 11241100x80000000000000006963122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d6d0cb6580e40e2022-01-05 10:03:42.711root 11241100x80000000000000006963123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f653f9768421b43b2022-01-05 10:03:42.711root 11241100x80000000000000006963124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0618a745565bf52022-01-05 10:03:42.712root 11241100x80000000000000006963125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9818fa5cb46619a22022-01-05 10:03:42.712root 11241100x80000000000000006963126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1012271474292c72022-01-05 10:03:42.712root 11241100x80000000000000006963127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13830a8d82cf6932022-01-05 10:03:42.712root 11241100x80000000000000006963128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d579550d8732ef2022-01-05 10:03:42.712root 11241100x80000000000000006963129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f362bd72d7a924872022-01-05 10:03:42.712root 11241100x80000000000000006963130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484f5b02053b68ba2022-01-05 10:03:42.712root 11241100x80000000000000006963131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227ad28ff437a4182022-01-05 10:03:42.712root 11241100x80000000000000006963132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7876153d086a22d2022-01-05 10:03:42.712root 11241100x80000000000000006963133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b9f5f23db1dc722022-01-05 10:03:42.713root 11241100x80000000000000006963134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6465ef01ef5bc2442022-01-05 10:03:42.713root 11241100x80000000000000006963135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720df0f8f11311e92022-01-05 10:03:42.713root 11241100x80000000000000006963136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18d3754fb2959a82022-01-05 10:03:42.713root 11241100x80000000000000006963137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86423aab1fbce79f2022-01-05 10:03:42.713root 11241100x80000000000000006963138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d56fed5982a47e2022-01-05 10:03:42.713root 11241100x80000000000000006963139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdaa6a00c41f6ad2022-01-05 10:03:42.713root 11241100x80000000000000006963140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefcffa128e97bae2022-01-05 10:03:42.713root 11241100x80000000000000006963141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ff642d757356562022-01-05 10:03:42.713root 11241100x80000000000000006963142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addc2fb02830d0e22022-01-05 10:03:42.713root 11241100x80000000000000006963143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd6323531bcdae02022-01-05 10:03:42.713root 11241100x80000000000000006963144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb546d86e1c6b1d52022-01-05 10:03:42.714root 11241100x80000000000000006963145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb0ec9d3ac9aba22022-01-05 10:03:42.714root 11241100x80000000000000006963146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e00b24e7d84fb22022-01-05 10:03:42.714root 11241100x80000000000000006963147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95bec49913af2082022-01-05 10:03:42.714root 11241100x80000000000000006963148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e7ccf5255ff81f2022-01-05 10:03:42.714root 11241100x80000000000000006963149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de2435a9e29a4e02022-01-05 10:03:42.714root 11241100x80000000000000006963150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95547e221a3175b12022-01-05 10:03:42.714root 11241100x80000000000000006963151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774db84ac82836462022-01-05 10:03:43.211root 11241100x80000000000000006963152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4bcd9dad6e588e2022-01-05 10:03:43.211root 11241100x80000000000000006963153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea6850ac5e185d42022-01-05 10:03:43.211root 11241100x80000000000000006963154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4406a17bb1c9778f2022-01-05 10:03:43.211root 11241100x80000000000000006963155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a2e2acc1c1f6c82022-01-05 10:03:43.211root 11241100x80000000000000006963156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da7c6e9dbb10cac2022-01-05 10:03:43.211root 11241100x80000000000000006963157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6bea64d7b13ea42022-01-05 10:03:43.211root 11241100x80000000000000006963158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda6bbddfa93cdb02022-01-05 10:03:43.212root 11241100x80000000000000006963159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9160b00a7c47ebc72022-01-05 10:03:43.212root 11241100x80000000000000006963160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8eed3da8bc017952022-01-05 10:03:43.212root 11241100x80000000000000006963161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963e9648e9dad71d2022-01-05 10:03:43.212root 11241100x80000000000000006963162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be19cb756741ecd2022-01-05 10:03:43.212root 11241100x80000000000000006963163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a007316cfa835ef2022-01-05 10:03:43.212root 11241100x80000000000000006963164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b6f9fa389b724c2022-01-05 10:03:43.212root 11241100x80000000000000006963165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6599d40792d8dc2022-01-05 10:03:43.212root 11241100x80000000000000006963166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc235796a82478b42022-01-05 10:03:43.212root 11241100x80000000000000006963167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6501fd2370be8bc42022-01-05 10:03:43.212root 11241100x80000000000000006963168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c95adb30042ccd2022-01-05 10:03:43.213root 11241100x80000000000000006963169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda773a64ee2bd552022-01-05 10:03:43.213root 11241100x80000000000000006963170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a521b6dfdd1568342022-01-05 10:03:43.213root 11241100x80000000000000006963171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d3c0f9aa65246c2022-01-05 10:03:43.213root 11241100x80000000000000006963172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f5951e81722f1f2022-01-05 10:03:43.213root 11241100x80000000000000006963173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970f4b31e24fb5272022-01-05 10:03:43.213root 11241100x80000000000000006963174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08968a7806055402022-01-05 10:03:43.213root 11241100x80000000000000006963175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfa8a766f3e2c332022-01-05 10:03:43.213root 11241100x80000000000000006963176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82be6cf83e93700b2022-01-05 10:03:43.213root 11241100x80000000000000006963177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea36f8465c043c8f2022-01-05 10:03:43.213root 11241100x80000000000000006963178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0178fbecd4d674c2022-01-05 10:03:43.213root 11241100x80000000000000006963179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e082879b218aaca2022-01-05 10:03:43.214root 11241100x80000000000000006963180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff02b2d8712a285b2022-01-05 10:03:43.214root 11241100x80000000000000006963181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88b8615ebb982e22022-01-05 10:03:43.214root 11241100x80000000000000006963182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8a421e4af2fa412022-01-05 10:03:43.214root 11241100x80000000000000006963183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4554b3e8286b782022-01-05 10:03:43.214root 11241100x80000000000000006963184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a22fcec68a0d3cf2022-01-05 10:03:43.214root 11241100x80000000000000006963185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827d5686b2532e652022-01-05 10:03:43.214root 11241100x80000000000000006963186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25867d5cd030337d2022-01-05 10:03:43.214root 11241100x80000000000000006963187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91a4c3e95dc2e3b2022-01-05 10:03:43.214root 11241100x80000000000000006963188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b29ce666b993f4b2022-01-05 10:03:43.214root 11241100x80000000000000006963189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9816ed84082a0d2022-01-05 10:03:43.214root 11241100x80000000000000006963190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c71200341eb004a2022-01-05 10:03:43.214root 11241100x80000000000000006963191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3854c4b1098a227d2022-01-05 10:03:43.215root 11241100x80000000000000006963192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ddf5220fce6b482022-01-05 10:03:43.215root 11241100x80000000000000006963193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777616fce77879fd2022-01-05 10:03:43.215root 11241100x80000000000000006963194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae68088bd7ad9cc32022-01-05 10:03:43.215root 11241100x80000000000000006963195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92870fee9fbba7dc2022-01-05 10:03:43.215root 11241100x80000000000000006963196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f447124fedf3022022-01-05 10:03:43.215root 11241100x80000000000000006963197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71e2342d42c0b7f2022-01-05 10:03:43.215root 11241100x80000000000000006963198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6520d0e875146b62022-01-05 10:03:43.216root 11241100x80000000000000006963199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a48da6f11a47d782022-01-05 10:03:43.216root 11241100x80000000000000006963200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b95abdede812a62022-01-05 10:03:43.216root 11241100x80000000000000006963201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63171898d1ed73952022-01-05 10:03:43.216root 11241100x80000000000000006963202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53657836a0b2d1f2022-01-05 10:03:43.216root 11241100x80000000000000006963203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bf3958ef77846e2022-01-05 10:03:43.216root 11241100x80000000000000006963204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00866ca1caa41f72022-01-05 10:03:43.216root 11241100x80000000000000006963205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c911ccb3b5b8a42022-01-05 10:03:43.218root 11241100x80000000000000006963206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707bdea1bfca21f22022-01-05 10:03:43.218root 11241100x80000000000000006963207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed02bc0ac67f75f2022-01-05 10:03:43.218root 11241100x80000000000000006963208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd96a6f26c503732022-01-05 10:03:43.710root 11241100x80000000000000006963209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f9da3bcf955caf2022-01-05 10:03:43.711root 11241100x80000000000000006963210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a349904ed2c50742022-01-05 10:03:43.711root 11241100x80000000000000006963211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595178f23319c12a2022-01-05 10:03:43.711root 11241100x80000000000000006963212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdba61b8508a6f4e2022-01-05 10:03:43.711root 11241100x80000000000000006963213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752ccd2a6985d0be2022-01-05 10:03:43.711root 11241100x80000000000000006963214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c318dc450e4ae2e2022-01-05 10:03:43.711root 11241100x80000000000000006963215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d73cba688b1d9102022-01-05 10:03:43.711root 11241100x80000000000000006963216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5130aef0160c343f2022-01-05 10:03:43.711root 11241100x80000000000000006963217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5700be97984054232022-01-05 10:03:43.712root 11241100x80000000000000006963218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a46c822ecb44862022-01-05 10:03:43.712root 11241100x80000000000000006963219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96aed69fb3a321772022-01-05 10:03:43.712root 11241100x80000000000000006963220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc40f5d4d9190eeb2022-01-05 10:03:43.712root 11241100x80000000000000006963221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3a37cc32aeacf42022-01-05 10:03:43.712root 11241100x80000000000000006963222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ac2cd7fbf4c9472022-01-05 10:03:43.712root 11241100x80000000000000006963223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5caafa984c042fab2022-01-05 10:03:43.712root 11241100x80000000000000006963224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93e7b98a27daf2c2022-01-05 10:03:43.712root 11241100x80000000000000006963225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce665d028c7781af2022-01-05 10:03:43.713root 11241100x80000000000000006963226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72193405b0f42e902022-01-05 10:03:43.713root 11241100x80000000000000006963227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917e0aaddc2523a62022-01-05 10:03:43.713root 11241100x80000000000000006963228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4197796a8bc59ad92022-01-05 10:03:43.713root 11241100x80000000000000006963229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fa0308858ce33f2022-01-05 10:03:43.713root 11241100x80000000000000006963230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d978bda0894efcbe2022-01-05 10:03:43.713root 11241100x80000000000000006963231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348e9272cf625e942022-01-05 10:03:43.713root 11241100x80000000000000006963232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a3ad51ab18a91b2022-01-05 10:03:43.713root 11241100x80000000000000006963233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8497be880ae300c2022-01-05 10:03:43.714root 11241100x80000000000000006963234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034da0d4209ddafa2022-01-05 10:03:43.714root 11241100x80000000000000006963235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63073b28731784912022-01-05 10:03:43.714root 11241100x80000000000000006963236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108fe2862eb7fd602022-01-05 10:03:43.714root 11241100x80000000000000006963237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ceef234f1030a932022-01-05 10:03:43.714root 11241100x80000000000000006963238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f64fdd593458332022-01-05 10:03:43.714root 11241100x80000000000000006963239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725eb5280e75ac002022-01-05 10:03:43.714root 11241100x80000000000000006963240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc79434c531419432022-01-05 10:03:43.714root 11241100x80000000000000006963241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65f8f1b44bf10b92022-01-05 10:03:43.715root 11241100x80000000000000006963242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cc8ab007b664ed2022-01-05 10:03:43.715root 11241100x80000000000000006963243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85da7c94ea176ea22022-01-05 10:03:43.715root 11241100x80000000000000006963244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96092916f202f33c2022-01-05 10:03:43.715root 11241100x80000000000000006963245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a567eee9a58ba8f12022-01-05 10:03:43.715root 11241100x80000000000000006963246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810e2da68455ab122022-01-05 10:03:44.210root 11241100x80000000000000006963247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea4c7f842a9749b2022-01-05 10:03:44.211root 11241100x80000000000000006963248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c6d2b54f7d67f32022-01-05 10:03:44.211root 11241100x80000000000000006963249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e93135a46b65c72022-01-05 10:03:44.211root 11241100x80000000000000006963250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0032d771dbb2fa2022-01-05 10:03:44.212root 11241100x80000000000000006963251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef1bf4f1082e6332022-01-05 10:03:44.212root 11241100x80000000000000006963252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf8a1407cbfe2ad2022-01-05 10:03:44.212root 11241100x80000000000000006963253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da52ad99268baef2022-01-05 10:03:44.212root 11241100x80000000000000006963254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1ecbfba08b0df22022-01-05 10:03:44.212root 11241100x80000000000000006963255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9723f72b99a27612022-01-05 10:03:44.213root 11241100x80000000000000006963256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eeedd060ff67d522022-01-05 10:03:44.213root 11241100x80000000000000006963257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e470c007db6b7a472022-01-05 10:03:44.213root 11241100x80000000000000006963258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d979b235cda10402022-01-05 10:03:44.213root 11241100x80000000000000006963259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517b8ea6182160102022-01-05 10:03:44.213root 11241100x80000000000000006963260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760e9987aa278cd52022-01-05 10:03:44.213root 11241100x80000000000000006963261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da8c5d12ec1c7e22022-01-05 10:03:44.213root 11241100x80000000000000006963262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d2442fee24925a2022-01-05 10:03:44.213root 11241100x80000000000000006963263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ae853965de80d52022-01-05 10:03:44.214root 11241100x80000000000000006963264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54515c8f364262df2022-01-05 10:03:44.214root 11241100x80000000000000006963265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f2222a98ed2c022022-01-05 10:03:44.214root 11241100x80000000000000006963266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc26890c3dd53a32022-01-05 10:03:44.214root 11241100x80000000000000006963267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f2f00ad5686caa2022-01-05 10:03:44.214root 11241100x80000000000000006963268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fde1f6507e846e82022-01-05 10:03:44.214root 11241100x80000000000000006963269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac813598f027df72022-01-05 10:03:44.214root 11241100x80000000000000006963270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a5228f08ad68252022-01-05 10:03:44.214root 11241100x80000000000000006963271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230c9a160ac7b4b12022-01-05 10:03:44.214root 11241100x80000000000000006963272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e312dfb7e603e232022-01-05 10:03:44.214root 11241100x80000000000000006963273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da3672f4fb962c92022-01-05 10:03:44.215root 11241100x80000000000000006963274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60efe0f7f4010cd02022-01-05 10:03:44.215root 11241100x80000000000000006963275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f0fa9b6a873d892022-01-05 10:03:44.215root 11241100x80000000000000006963276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db956d6120fea1322022-01-05 10:03:44.216root 11241100x80000000000000006963277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee16865082aa33812022-01-05 10:03:44.216root 11241100x80000000000000006963278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0848b4642e817c1c2022-01-05 10:03:44.216root 11241100x80000000000000006963279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b951c12b571a13882022-01-05 10:03:44.216root 11241100x80000000000000006963280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d545fdee917894c2022-01-05 10:03:44.216root 11241100x80000000000000006963281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fb7e72565275252022-01-05 10:03:44.216root 11241100x80000000000000006963282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbabb8060ea688d2022-01-05 10:03:44.217root 11241100x80000000000000006963283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ca05834caa13b42022-01-05 10:03:44.217root 11241100x80000000000000006963284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356e416f6c9d40c92022-01-05 10:03:44.710root 11241100x80000000000000006963285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad7f149e09d661a2022-01-05 10:03:44.711root 11241100x80000000000000006963286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0643ed3a998d8a2022-01-05 10:03:44.711root 11241100x80000000000000006963287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924fb005a4ae7a7c2022-01-05 10:03:44.711root 11241100x80000000000000006963288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e62e9628930c8e2022-01-05 10:03:44.711root 11241100x80000000000000006963289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bab7b59f60ecff42022-01-05 10:03:44.711root 11241100x80000000000000006963290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ee932ded70adc42022-01-05 10:03:44.711root 11241100x80000000000000006963291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5a6c10144dc2c62022-01-05 10:03:44.711root 11241100x80000000000000006963292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0dc5907c8e5a792022-01-05 10:03:44.711root 11241100x80000000000000006963293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de06fa2c81386362022-01-05 10:03:44.711root 11241100x80000000000000006963294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602280eb4aba41422022-01-05 10:03:44.711root 11241100x80000000000000006963295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e94ddf94186d7902022-01-05 10:03:44.712root 11241100x80000000000000006963296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe3c99348206ece2022-01-05 10:03:44.712root 11241100x80000000000000006963297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b0afc9cb2f06732022-01-05 10:03:44.712root 11241100x80000000000000006963298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f7031d727684fe2022-01-05 10:03:44.712root 11241100x80000000000000006963299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb080d00447520d32022-01-05 10:03:44.713root 11241100x80000000000000006963300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e305a5be714fb3272022-01-05 10:03:44.713root 11241100x80000000000000006963301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2017691f01775a622022-01-05 10:03:44.713root 11241100x80000000000000006963302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9333432c254f1862022-01-05 10:03:44.713root 11241100x80000000000000006963303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66eb4381929777c42022-01-05 10:03:44.714root 11241100x80000000000000006963304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2141a0151e75fc62022-01-05 10:03:44.714root 11241100x80000000000000006963305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d50475ec92bcf72022-01-05 10:03:44.714root 11241100x80000000000000006963306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05dd426e81066fc2022-01-05 10:03:44.714root 11241100x80000000000000006963307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320d6d3d942576982022-01-05 10:03:44.714root 11241100x80000000000000006963308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8cfb4b5358c0002022-01-05 10:03:44.714root 11241100x80000000000000006963309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29ad509b3c8e0fa2022-01-05 10:03:44.714root 11241100x80000000000000006963310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b10cb1dd7ff07f72022-01-05 10:03:44.714root 11241100x80000000000000006963311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226256f6a37820262022-01-05 10:03:44.714root 11241100x80000000000000006963312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506c1dac96e0757e2022-01-05 10:03:44.714root 11241100x80000000000000006963313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4bc88eeb975e722022-01-05 10:03:44.715root 11241100x80000000000000006963314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfcc950437dbde02022-01-05 10:03:44.715root 11241100x80000000000000006963315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f909e738a32f7c332022-01-05 10:03:44.715root 11241100x80000000000000006963316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298ac170bdc254502022-01-05 10:03:44.715root 11241100x80000000000000006963317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca09c249a5072732022-01-05 10:03:44.715root 11241100x80000000000000006963318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2978a714826da3f32022-01-05 10:03:44.716root 11241100x80000000000000006963319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8835d0c78d38ce2022-01-05 10:03:44.716root 11241100x80000000000000006963320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c28b96ef5c541a2022-01-05 10:03:44.716root 11241100x80000000000000006963321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:44.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655728a57ac01b002022-01-05 10:03:44.716root 354300x80000000000000006963322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.174{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41740-false10.0.1.12-8000- 11241100x80000000000000006963323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1bd56ca52a73e42022-01-05 10:03:45.174root 11241100x80000000000000006963324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.175{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10fe0ff16f847ba2022-01-05 10:03:45.175root 11241100x80000000000000006963325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.175{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0086cfd2cca2d1b22022-01-05 10:03:45.175root 11241100x80000000000000006963326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.176{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45b3acba98fdf202022-01-05 10:03:45.176root 11241100x80000000000000006963327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.176{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce376fb9073210c2022-01-05 10:03:45.176root 11241100x80000000000000006963328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.176{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee46911d2008bde2022-01-05 10:03:45.176root 11241100x80000000000000006963329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08da2560974ed6bb2022-01-05 10:03:45.177root 11241100x80000000000000006963330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e405e215491410772022-01-05 10:03:45.177root 11241100x80000000000000006963331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b3cf947bce13c92022-01-05 10:03:45.177root 11241100x80000000000000006963332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7aced6fea475522022-01-05 10:03:45.177root 11241100x80000000000000006963333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22bc4ee2ab6b2d82022-01-05 10:03:45.177root 11241100x80000000000000006963334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a41ba2095a1d1c2022-01-05 10:03:45.177root 11241100x80000000000000006963335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2af4f177db12b22022-01-05 10:03:45.177root 11241100x80000000000000006963336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d140e8536f40cf62022-01-05 10:03:45.177root 11241100x80000000000000006963337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628eb246299b20422022-01-05 10:03:45.177root 11241100x80000000000000006963338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea904c49d2fbc8012022-01-05 10:03:45.177root 11241100x80000000000000006963339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa98b1131f9919002022-01-05 10:03:45.177root 11241100x80000000000000006963340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186c0df38d9fa2d62022-01-05 10:03:45.177root 11241100x80000000000000006963341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438067bc0fc69feb2022-01-05 10:03:45.177root 11241100x80000000000000006963342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.178{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e6815a194064fb2022-01-05 10:03:45.178root 11241100x80000000000000006963343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.178{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7185869aa165aed22022-01-05 10:03:45.178root 11241100x80000000000000006963344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.178{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f849442713ede7482022-01-05 10:03:45.178root 11241100x80000000000000006963345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.178{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0c1429606600502022-01-05 10:03:45.178root 11241100x80000000000000006963346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.178{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ce82f2144d23162022-01-05 10:03:45.178root 11241100x80000000000000006963347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.178{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce69994bafb97322022-01-05 10:03:45.178root 11241100x80000000000000006963348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.178{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f276c2ce1eec7b82022-01-05 10:03:45.178root 11241100x80000000000000006963349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.178{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c436228c5ed4c1692022-01-05 10:03:45.178root 11241100x80000000000000006963350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.178{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9309bcc0cc924ca82022-01-05 10:03:45.178root 11241100x80000000000000006963351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.179{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f69e9af6a28e5f2022-01-05 10:03:45.179root 11241100x80000000000000006963352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.179{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42430eab4c0c56662022-01-05 10:03:45.179root 11241100x80000000000000006963353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.179{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5776787ea769fe2022-01-05 10:03:45.179root 11241100x80000000000000006963354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.180{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0367ae4baa53acd12022-01-05 10:03:45.180root 11241100x80000000000000006963355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.180{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e104677024995122022-01-05 10:03:45.180root 11241100x80000000000000006963356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.180{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507c63bd831f708e2022-01-05 10:03:45.180root 11241100x80000000000000006963357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.180{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6807321d97cccc2022-01-05 10:03:45.180root 11241100x80000000000000006963358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.180{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524f3d7fb044a5f62022-01-05 10:03:45.180root 11241100x80000000000000006963359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.181{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4da6906dbb8ed52022-01-05 10:03:45.181root 11241100x80000000000000006963360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.182{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfe26c5f3b31e052022-01-05 10:03:45.182root 11241100x80000000000000006963361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.183{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f098cdf20e81c1d2022-01-05 10:03:45.183root 11241100x80000000000000006963362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.183{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46f650352445a132022-01-05 10:03:45.183root 11241100x80000000000000006963363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.183{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9f63a7f2ba7d2e2022-01-05 10:03:45.183root 11241100x80000000000000006963364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.183{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ea9c65776122242022-01-05 10:03:45.183root 11241100x80000000000000006963365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f427a8eedff88d82022-01-05 10:03:45.460root 11241100x80000000000000006963366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227dd9ac9a3d82272022-01-05 10:03:45.461root 11241100x80000000000000006963367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865ba8edc07d37ca2022-01-05 10:03:45.461root 11241100x80000000000000006963368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1cf256761dcce92022-01-05 10:03:45.461root 11241100x80000000000000006963369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e826f2cc6a124fe72022-01-05 10:03:45.461root 11241100x80000000000000006963370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359203b6e3cdd1372022-01-05 10:03:45.461root 11241100x80000000000000006963371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f125fc8d663b712022-01-05 10:03:45.461root 11241100x80000000000000006963372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71afda7f4b6de8592022-01-05 10:03:45.461root 11241100x80000000000000006963373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d426678a16102bcc2022-01-05 10:03:45.461root 11241100x80000000000000006963374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb414ed08976ed512022-01-05 10:03:45.461root 11241100x80000000000000006963375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e3c14f3debb62e2022-01-05 10:03:45.462root 11241100x80000000000000006963376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9035ceb4f85577102022-01-05 10:03:45.462root 11241100x80000000000000006963377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6a04882fb581b02022-01-05 10:03:45.462root 11241100x80000000000000006963378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf437940da1498cc2022-01-05 10:03:45.462root 11241100x80000000000000006963379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082364400b0a9daa2022-01-05 10:03:45.462root 11241100x80000000000000006963380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c27fa3ed3db0e22022-01-05 10:03:45.462root 11241100x80000000000000006963381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3c322f4add43562022-01-05 10:03:45.462root 11241100x80000000000000006963382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d0d911ae9898542022-01-05 10:03:45.463root 11241100x80000000000000006963383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76173c42f2c298df2022-01-05 10:03:45.463root 11241100x80000000000000006963384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33492dcfdc63d2072022-01-05 10:03:45.463root 11241100x80000000000000006963385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6df1d575c203912022-01-05 10:03:45.463root 11241100x80000000000000006963386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4305b4e23d6aecd52022-01-05 10:03:45.463root 11241100x80000000000000006963387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a7efb61dc47bee2022-01-05 10:03:45.463root 11241100x80000000000000006963388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b3396a5dff7cb82022-01-05 10:03:45.463root 11241100x80000000000000006963389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5923d3c566f06c2022-01-05 10:03:45.463root 11241100x80000000000000006963390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fa28e614fa17be2022-01-05 10:03:45.463root 11241100x80000000000000006963391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56a5669c5b4b25f2022-01-05 10:03:45.464root 11241100x80000000000000006963392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3c60fdee5dfd5b2022-01-05 10:03:45.464root 11241100x80000000000000006963393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a63b0bb2cad6cab2022-01-05 10:03:45.464root 11241100x80000000000000006963394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90d7e41152b1c342022-01-05 10:03:45.464root 11241100x80000000000000006963395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da416de3038b3f12022-01-05 10:03:45.464root 11241100x80000000000000006963396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d148d0885fe9daba2022-01-05 10:03:45.464root 11241100x80000000000000006963397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcf71d3b98bd0452022-01-05 10:03:45.464root 11241100x80000000000000006963398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce68ce9e92708ad2022-01-05 10:03:45.464root 11241100x80000000000000006963399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a619d749962a39c2022-01-05 10:03:45.465root 11241100x80000000000000006963400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d508051387e061162022-01-05 10:03:45.465root 11241100x80000000000000006963401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcc31e5b4736aa82022-01-05 10:03:45.465root 11241100x80000000000000006963402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d13b0e4a894bf92022-01-05 10:03:45.465root 11241100x80000000000000006963403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46e41860863ef142022-01-05 10:03:45.465root 11241100x80000000000000006963404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eeca844f11fb4d32022-01-05 10:03:45.961root 11241100x80000000000000006963405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212fc990f3d0867f2022-01-05 10:03:45.961root 11241100x80000000000000006963406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f057fd5d6068fc2022-01-05 10:03:45.961root 11241100x80000000000000006963407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d419b6377655b4d2022-01-05 10:03:45.961root 11241100x80000000000000006963408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276e384e2f351af02022-01-05 10:03:45.961root 11241100x80000000000000006963409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95644e6d59f5d0282022-01-05 10:03:45.961root 11241100x80000000000000006963410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91e7044610855f02022-01-05 10:03:45.961root 11241100x80000000000000006963411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa0073043e704fd2022-01-05 10:03:45.961root 11241100x80000000000000006963412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836eed7a83434efa2022-01-05 10:03:45.961root 11241100x80000000000000006963413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fd583531b5c13d2022-01-05 10:03:45.961root 11241100x80000000000000006963414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c97d137953078032022-01-05 10:03:45.961root 11241100x80000000000000006963415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1beffe496ad04f2022-01-05 10:03:45.962root 11241100x80000000000000006963416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336f50a35940e2af2022-01-05 10:03:45.962root 11241100x80000000000000006963417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5566bf2542e8d12022-01-05 10:03:45.962root 11241100x80000000000000006963418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa1e0c15db151802022-01-05 10:03:45.962root 11241100x80000000000000006963419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54996540244566cf2022-01-05 10:03:45.962root 11241100x80000000000000006963420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93bdc9a757cc2cb2022-01-05 10:03:45.962root 11241100x80000000000000006963421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2027daa356b280df2022-01-05 10:03:45.962root 11241100x80000000000000006963422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1628c6d98c384a822022-01-05 10:03:45.962root 11241100x80000000000000006963423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a08a83f0b8ea782022-01-05 10:03:45.962root 11241100x80000000000000006963424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cce53624db0ef52022-01-05 10:03:45.963root 11241100x80000000000000006963425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507b0392b1389e6a2022-01-05 10:03:45.963root 11241100x80000000000000006963426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e04cc1b4d12a8662022-01-05 10:03:45.963root 11241100x80000000000000006963427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c9b045aa9123da2022-01-05 10:03:45.963root 11241100x80000000000000006963428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db64f5cef2c19452022-01-05 10:03:45.963root 11241100x80000000000000006963429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef0c31b2c2a14bf2022-01-05 10:03:45.963root 11241100x80000000000000006963430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5380d29a08fe2cd2022-01-05 10:03:45.963root 11241100x80000000000000006963431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52daf33b448bafa2022-01-05 10:03:45.963root 11241100x80000000000000006963432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2099d0072802d5722022-01-05 10:03:45.963root 11241100x80000000000000006963433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8016b04b3743f7742022-01-05 10:03:45.963root 11241100x80000000000000006963434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67732c5f91a03be82022-01-05 10:03:45.963root 11241100x80000000000000006963435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c44e8c259fabef52022-01-05 10:03:45.964root 11241100x80000000000000006963436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12420ff3de36455a2022-01-05 10:03:45.964root 11241100x80000000000000006963437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9295c6e5a4c5c8c52022-01-05 10:03:45.964root 11241100x80000000000000006963438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11b0ca0ce22ed9f2022-01-05 10:03:45.964root 11241100x80000000000000006963439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efeb5ccfcae52f22022-01-05 10:03:45.964root 11241100x80000000000000006963440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6a950012ff8c942022-01-05 10:03:45.964root 11241100x80000000000000006963441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e2e6fff57434bc2022-01-05 10:03:45.964root 11241100x80000000000000006963442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a5bb3151f161b72022-01-05 10:03:45.964root 11241100x80000000000000006963443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98e73d9eb6674b82022-01-05 10:03:46.460root 11241100x80000000000000006963444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0860dd1ca1ac6a9b2022-01-05 10:03:46.461root 11241100x80000000000000006963445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43975b953dc9bda92022-01-05 10:03:46.461root 11241100x80000000000000006963446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fe38641421bbb12022-01-05 10:03:46.461root 11241100x80000000000000006963447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed609ff203898ee2022-01-05 10:03:46.461root 11241100x80000000000000006963448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b9a9fd342590542022-01-05 10:03:46.461root 11241100x80000000000000006963449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b2306a5165f18e2022-01-05 10:03:46.461root 11241100x80000000000000006963450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d2e8cb1f4b6b622022-01-05 10:03:46.461root 11241100x80000000000000006963451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ad5fb37f32007d2022-01-05 10:03:46.461root 11241100x80000000000000006963452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36a83fcca4509292022-01-05 10:03:46.461root 11241100x80000000000000006963453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0ff9e8567f75be2022-01-05 10:03:46.461root 11241100x80000000000000006963454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974dd99bbfc8abfa2022-01-05 10:03:46.462root 11241100x80000000000000006963455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c661c7b3f500227c2022-01-05 10:03:46.462root 11241100x80000000000000006963456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206a3c97e33542262022-01-05 10:03:46.462root 11241100x80000000000000006963457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2466d3140b433d002022-01-05 10:03:46.462root 11241100x80000000000000006963458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdbbd393c04e84e2022-01-05 10:03:46.462root 11241100x80000000000000006963459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3b30243408efe32022-01-05 10:03:46.462root 11241100x80000000000000006963460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefd297eb9eec24f2022-01-05 10:03:46.462root 11241100x80000000000000006963461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ab8061462fda962022-01-05 10:03:46.462root 11241100x80000000000000006963462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b996f080743db72022-01-05 10:03:46.462root 11241100x80000000000000006963463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffecf1f109a18fb2022-01-05 10:03:46.462root 11241100x80000000000000006963464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ced21ddae05a5b2022-01-05 10:03:46.463root 11241100x80000000000000006963465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365dc7fb5b2be8942022-01-05 10:03:46.463root 11241100x80000000000000006963466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca3563f357807c22022-01-05 10:03:46.463root 11241100x80000000000000006963467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff56a53165858a52022-01-05 10:03:46.463root 11241100x80000000000000006963468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003d56f14756aad22022-01-05 10:03:46.463root 11241100x80000000000000006963469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81dd0b68736b1112022-01-05 10:03:46.463root 11241100x80000000000000006963470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40ff8801d0e9e652022-01-05 10:03:46.463root 11241100x80000000000000006963471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b2e247076814282022-01-05 10:03:46.463root 11241100x80000000000000006963472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0379922f2b3d93042022-01-05 10:03:46.463root 11241100x80000000000000006963473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd4fc2c94c4ada52022-01-05 10:03:46.463root 11241100x80000000000000006963474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf952492d7eaab312022-01-05 10:03:46.463root 11241100x80000000000000006963475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9630542f8f3e2f2022-01-05 10:03:46.464root 11241100x80000000000000006963476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcadb441a5504f472022-01-05 10:03:46.464root 11241100x80000000000000006963477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8975a0cefea0f472022-01-05 10:03:46.464root 11241100x80000000000000006963478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec81686f2efd99e2022-01-05 10:03:46.464root 11241100x80000000000000006963479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08c8470eb4727f42022-01-05 10:03:46.464root 11241100x80000000000000006963480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deae98000fbb2e2f2022-01-05 10:03:46.464root 11241100x80000000000000006963481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461f1776d332d0382022-01-05 10:03:46.464root 11241100x80000000000000006963482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c735a1c380bead342022-01-05 10:03:46.960root 11241100x80000000000000006963483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b20a7b265ed89882022-01-05 10:03:46.961root 11241100x80000000000000006963484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e459cf9131cbc02022-01-05 10:03:46.961root 11241100x80000000000000006963485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923f69606720dc9f2022-01-05 10:03:46.961root 11241100x80000000000000006963486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9525199ea1804aeb2022-01-05 10:03:46.961root 11241100x80000000000000006963487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a81c020365b08a2022-01-05 10:03:46.961root 11241100x80000000000000006963488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1293d8c64a813ac72022-01-05 10:03:46.961root 11241100x80000000000000006963489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab9c55b0a2d3a7c2022-01-05 10:03:46.961root 11241100x80000000000000006963490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a317fa306a23e702022-01-05 10:03:46.961root 11241100x80000000000000006963491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a534b455cbf8b862022-01-05 10:03:46.961root 11241100x80000000000000006963492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3732a17338e642ef2022-01-05 10:03:46.961root 11241100x80000000000000006963493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8758b9a61bcbae922022-01-05 10:03:46.962root 11241100x80000000000000006963494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb2e8eaf7f0c9112022-01-05 10:03:46.962root 11241100x80000000000000006963495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf4255154bc54232022-01-05 10:03:46.962root 11241100x80000000000000006963496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6999d0992d6225eb2022-01-05 10:03:46.962root 11241100x80000000000000006963497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2454eb87b33678a62022-01-05 10:03:46.962root 11241100x80000000000000006963498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84f2a18760ce0292022-01-05 10:03:46.962root 11241100x80000000000000006963499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a65678cb1780ac52022-01-05 10:03:46.962root 11241100x80000000000000006963500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0612b7afa65d4db2022-01-05 10:03:46.962root 11241100x80000000000000006963501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b454f5050d737bc62022-01-05 10:03:46.962root 11241100x80000000000000006963502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bf3828f4a65be52022-01-05 10:03:46.962root 11241100x80000000000000006963503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666e44e027a0d3132022-01-05 10:03:46.962root 11241100x80000000000000006963504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c28f4512b3bed62022-01-05 10:03:46.963root 11241100x80000000000000006963505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2a7a34764c65b92022-01-05 10:03:46.963root 11241100x80000000000000006963506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af99ec8ea2ccc83b2022-01-05 10:03:46.963root 11241100x80000000000000006963507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee077b18dea070292022-01-05 10:03:46.963root 11241100x80000000000000006963508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dd9ea1bb2a77152022-01-05 10:03:46.963root 11241100x80000000000000006963509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc70f1e2ffa6eac2022-01-05 10:03:46.963root 11241100x80000000000000006963510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e620a74fb72c87112022-01-05 10:03:46.963root 11241100x80000000000000006963511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae8566c7888625a2022-01-05 10:03:46.963root 11241100x80000000000000006963512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7958c09a88351f842022-01-05 10:03:46.963root 11241100x80000000000000006963513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a722c5b206b8c392022-01-05 10:03:46.963root 11241100x80000000000000006963514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68e6efb9c39ab432022-01-05 10:03:46.963root 11241100x80000000000000006963515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e749aa8cee79612022-01-05 10:03:46.964root 11241100x80000000000000006963516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320b95ab1c0885532022-01-05 10:03:46.964root 11241100x80000000000000006963517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae0f6b4fcf38d8b2022-01-05 10:03:46.964root 11241100x80000000000000006963518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5268b6120a21f52022-01-05 10:03:46.964root 11241100x80000000000000006963519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d09f8793754a9ac2022-01-05 10:03:46.964root 11241100x80000000000000006963520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4197ee733fdbe6f2022-01-05 10:03:46.964root 11241100x80000000000000006963521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7b1b0dd1d8a4e72022-01-05 10:03:47.461root 11241100x80000000000000006963522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a94d193da73401d2022-01-05 10:03:47.461root 11241100x80000000000000006963523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3746f990d5821fe2022-01-05 10:03:47.461root 11241100x80000000000000006963524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990c90ffc257767a2022-01-05 10:03:47.461root 11241100x80000000000000006963525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9f6e9edd1bfdf62022-01-05 10:03:47.461root 11241100x80000000000000006963526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6136c681132285022022-01-05 10:03:47.461root 11241100x80000000000000006963527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ad9767d0a1a2a32022-01-05 10:03:47.461root 11241100x80000000000000006963528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d049857ae4d0002022-01-05 10:03:47.461root 11241100x80000000000000006963529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7854b3221bad84872022-01-05 10:03:47.461root 11241100x80000000000000006963530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a7c4479f6dee2a2022-01-05 10:03:47.462root 11241100x80000000000000006963531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e974439466c2c42e2022-01-05 10:03:47.462root 11241100x80000000000000006963532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c4ad864cd369bf2022-01-05 10:03:47.462root 11241100x80000000000000006963533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8ad031f82d11512022-01-05 10:03:47.462root 11241100x80000000000000006963534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36adf4862aee20042022-01-05 10:03:47.462root 11241100x80000000000000006963535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0df2dc32d3aa4432022-01-05 10:03:47.462root 11241100x80000000000000006963536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c83812b99eddb4a2022-01-05 10:03:47.462root 11241100x80000000000000006963537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d29df8d033b9ff2022-01-05 10:03:47.462root 11241100x80000000000000006963538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457dbe86d95b19492022-01-05 10:03:47.462root 11241100x80000000000000006963539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25059e7d1de7c3af2022-01-05 10:03:47.462root 11241100x80000000000000006963540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c1ea608762bc502022-01-05 10:03:47.462root 11241100x80000000000000006963541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad961eddd982efc2022-01-05 10:03:47.463root 11241100x80000000000000006963542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515caa7bdc0cab5c2022-01-05 10:03:47.463root 11241100x80000000000000006963543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfe51c03f4871492022-01-05 10:03:47.463root 11241100x80000000000000006963544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801750106fcf67f72022-01-05 10:03:47.463root 11241100x80000000000000006963545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d507be3fe46faf12022-01-05 10:03:47.463root 11241100x80000000000000006963546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c14dfa425872d252022-01-05 10:03:47.463root 11241100x80000000000000006963547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84874ab0e843442d2022-01-05 10:03:47.463root 11241100x80000000000000006963548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d99cb905da988052022-01-05 10:03:47.463root 11241100x80000000000000006963549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257bb8908fdc01b52022-01-05 10:03:47.463root 11241100x80000000000000006963550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddfcd48fc990b692022-01-05 10:03:47.463root 11241100x80000000000000006963551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64e0691a8b5f0162022-01-05 10:03:47.464root 11241100x80000000000000006963552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aaa2cb5dbf51c6e2022-01-05 10:03:47.464root 11241100x80000000000000006963553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161744a03a4669352022-01-05 10:03:47.464root 11241100x80000000000000006963554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b652ab54064b3d2022-01-05 10:03:47.464root 11241100x80000000000000006963555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c7df7d5d9c18182022-01-05 10:03:47.464root 11241100x80000000000000006963556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e3438cd898c85e2022-01-05 10:03:47.464root 11241100x80000000000000006963557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87409b72d1deb5d82022-01-05 10:03:47.464root 11241100x80000000000000006963558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031eb9e2233644722022-01-05 10:03:47.464root 11241100x80000000000000006963559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb42af6f4a8ef5ce2022-01-05 10:03:47.464root 11241100x80000000000000006963560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53c8d0529599a762022-01-05 10:03:47.960root 11241100x80000000000000006963561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3a7ae72e1e66072022-01-05 10:03:47.961root 11241100x80000000000000006963562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cea3b57ddabbee2022-01-05 10:03:47.961root 11241100x80000000000000006963563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638fea2d030427372022-01-05 10:03:47.961root 11241100x80000000000000006963564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b069c076a90a67572022-01-05 10:03:47.961root 11241100x80000000000000006963565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3394da693a5861372022-01-05 10:03:47.961root 11241100x80000000000000006963566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0161355ff6b79b7b2022-01-05 10:03:47.961root 11241100x80000000000000006963567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20b8385de8eb4072022-01-05 10:03:47.961root 11241100x80000000000000006963568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556e8bcb011bd0b92022-01-05 10:03:47.961root 11241100x80000000000000006963569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad3dd95039db4e72022-01-05 10:03:47.961root 11241100x80000000000000006963570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa107c12e27cf19c2022-01-05 10:03:47.961root 11241100x80000000000000006963571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf27ccea1e7a04b2022-01-05 10:03:47.961root 11241100x80000000000000006963572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c3516f5c54f8282022-01-05 10:03:47.962root 11241100x80000000000000006963573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ef04d18191eb752022-01-05 10:03:47.962root 11241100x80000000000000006963574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29f577917d6a71a2022-01-05 10:03:47.962root 11241100x80000000000000006963575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7437ce637fb32732022-01-05 10:03:47.962root 11241100x80000000000000006963576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ad8ecfe289f9a22022-01-05 10:03:47.962root 11241100x80000000000000006963577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7d084359d0eef02022-01-05 10:03:47.962root 11241100x80000000000000006963578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3ae7f1c91f36d32022-01-05 10:03:47.962root 11241100x80000000000000006963579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d78b46ea2b84fa2022-01-05 10:03:47.962root 11241100x80000000000000006963580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b0e186c460f0dd2022-01-05 10:03:47.962root 11241100x80000000000000006963581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b241f6ecb9cf5c982022-01-05 10:03:47.962root 11241100x80000000000000006963582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1911fc67dbe2772022-01-05 10:03:47.962root 11241100x80000000000000006963583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66887bdbfa9063242022-01-05 10:03:47.962root 11241100x80000000000000006963584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca3da165570e97f2022-01-05 10:03:47.963root 11241100x80000000000000006963585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802e8cc1ba121a3c2022-01-05 10:03:47.963root 11241100x80000000000000006963586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76855a11d5997022022-01-05 10:03:47.963root 11241100x80000000000000006963587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9a06b57e43c83f2022-01-05 10:03:47.963root 11241100x80000000000000006963588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc783f03ac5d6f82022-01-05 10:03:47.963root 11241100x80000000000000006963589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec655a0461b261f22022-01-05 10:03:47.963root 11241100x80000000000000006963590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9664fa6044355f3e2022-01-05 10:03:47.963root 11241100x80000000000000006963591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e58b0fcf8428abc2022-01-05 10:03:47.963root 11241100x80000000000000006963592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd196b051f2fdfc2022-01-05 10:03:47.963root 11241100x80000000000000006963593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc99576f7a95ed972022-01-05 10:03:47.963root 11241100x80000000000000006963594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e5eb005304c71b2022-01-05 10:03:47.963root 11241100x80000000000000006963595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7311537263d8252022-01-05 10:03:47.963root 11241100x80000000000000006963596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c343828bf6e7d52022-01-05 10:03:47.963root 11241100x80000000000000006963597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512a4e85e613f3fd2022-01-05 10:03:47.964root 11241100x80000000000000006963598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:47.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae06de495ece2e372022-01-05 10:03:47.964root 11241100x80000000000000006963599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5b21ddde5e3a812022-01-05 10:03:48.461root 11241100x80000000000000006963600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9eac0ca0ea45ed62022-01-05 10:03:48.461root 11241100x80000000000000006963601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff90fdd797a7c032022-01-05 10:03:48.461root 11241100x80000000000000006963602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2762474dcb5c1dcb2022-01-05 10:03:48.461root 11241100x80000000000000006963603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c73c7a56437ea82022-01-05 10:03:48.461root 11241100x80000000000000006963604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a8abea4a545fa12022-01-05 10:03:48.461root 11241100x80000000000000006963605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe1b5d7d51e742f2022-01-05 10:03:48.461root 11241100x80000000000000006963606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a297db094dcef91e2022-01-05 10:03:48.461root 11241100x80000000000000006963607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964af1e69e104c6c2022-01-05 10:03:48.461root 11241100x80000000000000006963608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdeae58d4132ed52022-01-05 10:03:48.461root 11241100x80000000000000006963609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaf417b4647bd972022-01-05 10:03:48.461root 11241100x80000000000000006963610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34996363391c2c4e2022-01-05 10:03:48.462root 11241100x80000000000000006963611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02df1e74053592c52022-01-05 10:03:48.462root 11241100x80000000000000006963612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08e4a648ebe75142022-01-05 10:03:48.462root 11241100x80000000000000006963613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69a3c2f2edf2c482022-01-05 10:03:48.462root 11241100x80000000000000006963614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a578b5827e8329a2022-01-05 10:03:48.462root 11241100x80000000000000006963615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acc861fdac7abbc2022-01-05 10:03:48.462root 11241100x80000000000000006963616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bf4a9bc4e8bd6c2022-01-05 10:03:48.462root 11241100x80000000000000006963617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229aba09f94d87d32022-01-05 10:03:48.462root 11241100x80000000000000006963618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4184ae5ca736b5482022-01-05 10:03:48.462root 11241100x80000000000000006963619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9477c24c40e12d9c2022-01-05 10:03:48.462root 11241100x80000000000000006963620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b737a58900ea82022-01-05 10:03:48.463root 11241100x80000000000000006963621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b96bcf1220cdfd2022-01-05 10:03:48.463root 11241100x80000000000000006963622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1b8e7b477516462022-01-05 10:03:48.463root 11241100x80000000000000006963623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67d4c4d143f090a2022-01-05 10:03:48.463root 11241100x80000000000000006963624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea99b6527c0c61b52022-01-05 10:03:48.463root 11241100x80000000000000006963625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d3e9f666a66e922022-01-05 10:03:48.463root 11241100x80000000000000006963626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef0c5a87f27d5fe2022-01-05 10:03:48.463root 11241100x80000000000000006963627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1315e5bd140576252022-01-05 10:03:48.463root 11241100x80000000000000006963628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d1882785d2fcc82022-01-05 10:03:48.463root 11241100x80000000000000006963629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6e15a6f9830f092022-01-05 10:03:48.463root 11241100x80000000000000006963630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d863eb282d8d6402022-01-05 10:03:48.464root 11241100x80000000000000006963631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a6c18bd1f8e8922022-01-05 10:03:48.464root 11241100x80000000000000006963632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804dc66080deb3042022-01-05 10:03:48.464root 11241100x80000000000000006963633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab4f5b959e493052022-01-05 10:03:48.464root 11241100x80000000000000006963634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a837be707160ae2022-01-05 10:03:48.464root 11241100x80000000000000006963635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c5bc4865d9c9d62022-01-05 10:03:48.464root 11241100x80000000000000006963636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bc16bf09f8e3b62022-01-05 10:03:48.464root 11241100x80000000000000006963637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90014adc888a8d12022-01-05 10:03:48.464root 11241100x80000000000000006963638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93a2ab12527d1de2022-01-05 10:03:48.961root 11241100x80000000000000006963639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40c0b3a2e42fa072022-01-05 10:03:48.961root 11241100x80000000000000006963640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd00a9563b4f80da2022-01-05 10:03:48.961root 11241100x80000000000000006963641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3606e29d332b81b82022-01-05 10:03:48.961root 11241100x80000000000000006963642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e059376332a365a72022-01-05 10:03:48.961root 11241100x80000000000000006963643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e1df13556f02712022-01-05 10:03:48.961root 11241100x80000000000000006963644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6265b0dfbb90b31f2022-01-05 10:03:48.961root 11241100x80000000000000006963645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea78e41013800292022-01-05 10:03:48.961root 11241100x80000000000000006963646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de5bb2944984f5b2022-01-05 10:03:48.961root 11241100x80000000000000006963647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed57bcc344fa05b2022-01-05 10:03:48.961root 11241100x80000000000000006963648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7ada9776aa21272022-01-05 10:03:48.961root 11241100x80000000000000006963649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b690cd79cced2d9c2022-01-05 10:03:48.962root 11241100x80000000000000006963650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b0cd6ac23d2f882022-01-05 10:03:48.962root 11241100x80000000000000006963651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511a5aef608d94952022-01-05 10:03:48.962root 11241100x80000000000000006963652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0492584a00fbd7972022-01-05 10:03:48.962root 11241100x80000000000000006963653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40000550dfce4ccf2022-01-05 10:03:48.962root 11241100x80000000000000006963654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd932e3d5d128bf22022-01-05 10:03:48.962root 11241100x80000000000000006963655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c781360ee3256f62022-01-05 10:03:48.962root 11241100x80000000000000006963656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8ec5c8c74b44282022-01-05 10:03:48.962root 11241100x80000000000000006963657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c513a8febbf6d04e2022-01-05 10:03:48.962root 11241100x80000000000000006963658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70bb015035fc0522022-01-05 10:03:48.962root 11241100x80000000000000006963659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138331fa1f7522e42022-01-05 10:03:48.962root 11241100x80000000000000006963660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf2bb94dfc904772022-01-05 10:03:48.963root 11241100x80000000000000006963661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0cd95097b894142022-01-05 10:03:48.963root 11241100x80000000000000006963662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1c1ec0ec1229422022-01-05 10:03:48.963root 11241100x80000000000000006963663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2df69c69b92f8c2022-01-05 10:03:48.963root 11241100x80000000000000006963664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4153c8857a173e772022-01-05 10:03:48.963root 11241100x80000000000000006963665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e799aaa4a488dca22022-01-05 10:03:48.963root 11241100x80000000000000006963666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6de2a566f9aae92022-01-05 10:03:48.963root 11241100x80000000000000006963667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e2c1ee08ee51a92022-01-05 10:03:48.963root 11241100x80000000000000006963668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0d642e26634ca52022-01-05 10:03:48.963root 11241100x80000000000000006963669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149a23c412f20a342022-01-05 10:03:48.963root 11241100x80000000000000006963670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e96419aeebda3f42022-01-05 10:03:48.963root 11241100x80000000000000006963671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799e12a48680a6652022-01-05 10:03:48.964root 11241100x80000000000000006963672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf6deb14104c4de2022-01-05 10:03:48.964root 11241100x80000000000000006963673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade9402d8a35c28f2022-01-05 10:03:48.964root 11241100x80000000000000006963674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8594ea34178422ee2022-01-05 10:03:48.964root 11241100x80000000000000006963675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559169d0b4c8d8952022-01-05 10:03:48.964root 11241100x80000000000000006963676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:48.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f38c4dd18c013af2022-01-05 10:03:48.964root 11241100x80000000000000006963677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8580fc769b90672022-01-05 10:03:49.461root 11241100x80000000000000006963678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec83d780d03728b12022-01-05 10:03:49.461root 11241100x80000000000000006963679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ac13bd77c354b12022-01-05 10:03:49.461root 11241100x80000000000000006963680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26220a1a457c8d12022-01-05 10:03:49.461root 11241100x80000000000000006963681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fe248b5488b1502022-01-05 10:03:49.461root 11241100x80000000000000006963682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdc9a66b9f37d042022-01-05 10:03:49.461root 11241100x80000000000000006963683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3383b75b5f095c92022-01-05 10:03:49.461root 11241100x80000000000000006963684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a976eb0babf037be2022-01-05 10:03:49.461root 11241100x80000000000000006963685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7206d98120e111f72022-01-05 10:03:49.461root 11241100x80000000000000006963686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18c09ea63561bdf2022-01-05 10:03:49.461root 11241100x80000000000000006963687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded74f8f3a04eef22022-01-05 10:03:49.461root 11241100x80000000000000006963688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db4fad72976da8a2022-01-05 10:03:49.461root 11241100x80000000000000006963689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ead75245f23cd212022-01-05 10:03:49.462root 11241100x80000000000000006963690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ac07c8613202cb2022-01-05 10:03:49.462root 11241100x80000000000000006963691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96deb61529fdbdc22022-01-05 10:03:49.462root 11241100x80000000000000006963692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc6c308e55eb1d22022-01-05 10:03:49.462root 11241100x80000000000000006963693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607a847fb7e8fdc62022-01-05 10:03:49.462root 11241100x80000000000000006963694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d873baa0e65ece2022-01-05 10:03:49.462root 11241100x80000000000000006963695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba0d33ae4bd1a942022-01-05 10:03:49.462root 11241100x80000000000000006963696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a04074ada5e1392022-01-05 10:03:49.462root 11241100x80000000000000006963697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3f05d1a94352132022-01-05 10:03:49.462root 11241100x80000000000000006963698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40de9969339f1c3c2022-01-05 10:03:49.462root 11241100x80000000000000006963699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1b7a5dc42115022022-01-05 10:03:49.462root 11241100x80000000000000006963700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5882802652939f492022-01-05 10:03:49.462root 11241100x80000000000000006963701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2f8f8b9c3040fb2022-01-05 10:03:49.462root 11241100x80000000000000006963702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56de3a5bc7339512022-01-05 10:03:49.462root 11241100x80000000000000006963703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a6c32fd18e32c12022-01-05 10:03:49.462root 11241100x80000000000000006963704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6dfa8f485e51782022-01-05 10:03:49.462root 11241100x80000000000000006963705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38009be4726391ec2022-01-05 10:03:49.463root 11241100x80000000000000006963706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893e7d154325b3dd2022-01-05 10:03:49.463root 11241100x80000000000000006963707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8860a25e0854cb672022-01-05 10:03:49.463root 11241100x80000000000000006963708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7874ebf2954601802022-01-05 10:03:49.463root 11241100x80000000000000006963709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5719578fcbb57fd2022-01-05 10:03:49.463root 11241100x80000000000000006963710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366ac072a23f504b2022-01-05 10:03:49.463root 11241100x80000000000000006963711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37abb517c4ce86b72022-01-05 10:03:49.463root 11241100x80000000000000006963712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f6fb1fa53f90d92022-01-05 10:03:49.463root 11241100x80000000000000006963713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5985323c0674842022-01-05 10:03:49.463root 11241100x80000000000000006963714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4143437718cfe02022-01-05 10:03:49.463root 11241100x80000000000000006963715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9eb0de4286a76442022-01-05 10:03:49.463root 154100x80000000000000006963716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.511{ec2e79f3-6d05-61d5-6844-c2df9e550000}23010/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 534500x80000000000000006963717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.521{ec2e79f3-6d05-61d5-6844-c2df9e550000}23010/bin/psroot 11241100x80000000000000006963718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a37ee454b6b1fa2022-01-05 10:03:49.961root 11241100x80000000000000006963719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f275aeded3961b2022-01-05 10:03:49.961root 11241100x80000000000000006963720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ead0c187156a3b2022-01-05 10:03:49.961root 11241100x80000000000000006963721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e596a29a3306522022-01-05 10:03:49.961root 11241100x80000000000000006963722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7863b4931efa0ca22022-01-05 10:03:49.961root 11241100x80000000000000006963723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba06442c8da16cd2022-01-05 10:03:49.961root 11241100x80000000000000006963724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fd2dcc47eb95b42022-01-05 10:03:49.961root 11241100x80000000000000006963725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea7e0ab0d17226f2022-01-05 10:03:49.961root 11241100x80000000000000006963726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5487c2958d58665d2022-01-05 10:03:49.961root 11241100x80000000000000006963727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1d40aba3ffb0ad2022-01-05 10:03:49.962root 11241100x80000000000000006963728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b455e17359cb302022-01-05 10:03:49.962root 11241100x80000000000000006963729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ec6b9143716f042022-01-05 10:03:49.962root 11241100x80000000000000006963730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf93bd0adc9706d42022-01-05 10:03:49.962root 11241100x80000000000000006963731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ef63760390bab02022-01-05 10:03:49.962root 11241100x80000000000000006963732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7279e77235818ac72022-01-05 10:03:49.962root 11241100x80000000000000006963733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe2411bef34784e2022-01-05 10:03:49.962root 11241100x80000000000000006963734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5514b1ba683ecb2022-01-05 10:03:49.962root 11241100x80000000000000006963735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5747c858f2371b692022-01-05 10:03:49.963root 11241100x80000000000000006963736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63668ce52876f9762022-01-05 10:03:49.963root 11241100x80000000000000006963737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cbc0111f81f2122022-01-05 10:03:49.963root 11241100x80000000000000006963738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4364e9c5363b19be2022-01-05 10:03:49.963root 11241100x80000000000000006963739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88d49213c30ec382022-01-05 10:03:49.963root 11241100x80000000000000006963740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9762faed33900a192022-01-05 10:03:49.963root 11241100x80000000000000006963741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa55c1ff6e4056b52022-01-05 10:03:49.963root 11241100x80000000000000006963742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce245a144b9641b2022-01-05 10:03:49.963root 11241100x80000000000000006963743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93d1058028929172022-01-05 10:03:49.963root 11241100x80000000000000006963744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b15e29c516b3e82022-01-05 10:03:49.964root 11241100x80000000000000006963745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e2a2bbc2b131512022-01-05 10:03:49.964root 11241100x80000000000000006963746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804f55ad6cb0c8a02022-01-05 10:03:49.964root 11241100x80000000000000006963747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9103e9bea953312022-01-05 10:03:49.964root 11241100x80000000000000006963748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a78a632de9db2a2022-01-05 10:03:49.964root 11241100x80000000000000006963749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715b0339463092c62022-01-05 10:03:49.964root 11241100x80000000000000006963750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7414ede37b11cb482022-01-05 10:03:49.964root 11241100x80000000000000006963751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb23cdee69bd5d672022-01-05 10:03:49.964root 11241100x80000000000000006963752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bcc3c95c74faee2022-01-05 10:03:49.965root 11241100x80000000000000006963753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596450edbef5d1682022-01-05 10:03:49.965root 11241100x80000000000000006963754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f9fd2b572ac0092022-01-05 10:03:49.966root 11241100x80000000000000006963755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158ac67d3d35d46f2022-01-05 10:03:49.966root 11241100x80000000000000006963756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4e9914066ecb642022-01-05 10:03:49.966root 11241100x80000000000000006963757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc180465631a1df12022-01-05 10:03:49.966root 11241100x80000000000000006963758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:49.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e98c0f6de99c162022-01-05 10:03:49.967root 11241100x80000000000000006963759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a9d4cda888e60c2022-01-05 10:03:50.461root 11241100x80000000000000006963760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f12168293b94e22022-01-05 10:03:50.461root 11241100x80000000000000006963761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ae72d95cb2d7792022-01-05 10:03:50.461root 11241100x80000000000000006963762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a18d66032db04a12022-01-05 10:03:50.461root 11241100x80000000000000006963763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d4b5c0a38c64642022-01-05 10:03:50.461root 11241100x80000000000000006963764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a72475c715d47d2022-01-05 10:03:50.461root 11241100x80000000000000006963765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e1b6cc9ec16d362022-01-05 10:03:50.461root 11241100x80000000000000006963766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340e896a35b0b6522022-01-05 10:03:50.461root 11241100x80000000000000006963767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468ce012052c9cda2022-01-05 10:03:50.462root 11241100x80000000000000006963768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaac95101c46d2b02022-01-05 10:03:50.462root 11241100x80000000000000006963769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18834367ea80b4452022-01-05 10:03:50.462root 11241100x80000000000000006963770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcd235f2f15433f2022-01-05 10:03:50.462root 11241100x80000000000000006963771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576caf19cbcc9b0c2022-01-05 10:03:50.462root 11241100x80000000000000006963772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8595a3b9f8b7f9f12022-01-05 10:03:50.462root 11241100x80000000000000006963773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfae0d86a25fc4102022-01-05 10:03:50.462root 11241100x80000000000000006963774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1d1150ba0f13652022-01-05 10:03:50.463root 11241100x80000000000000006963775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654460cf8d6336722022-01-05 10:03:50.463root 11241100x80000000000000006963776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e45cc02f42b6802022-01-05 10:03:50.463root 11241100x80000000000000006963777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64e3158d9c580172022-01-05 10:03:50.463root 11241100x80000000000000006963778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a88900efb50b9592022-01-05 10:03:50.463root 11241100x80000000000000006963779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0dd6e54ec47ef52022-01-05 10:03:50.463root 11241100x80000000000000006963780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bd6df0b7ce240f2022-01-05 10:03:50.463root 11241100x80000000000000006963781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056e8a7f5f0ddfe92022-01-05 10:03:50.463root 11241100x80000000000000006963782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efad83b58f9ca3a82022-01-05 10:03:50.463root 11241100x80000000000000006963783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa864c5824ae2a4d2022-01-05 10:03:50.464root 11241100x80000000000000006963784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c42975846491e02022-01-05 10:03:50.464root 11241100x80000000000000006963785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1139e1dbcd6b8f2022-01-05 10:03:50.464root 11241100x80000000000000006963786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab26091aab0716d2022-01-05 10:03:50.464root 11241100x80000000000000006963787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439614427828d29f2022-01-05 10:03:50.464root 11241100x80000000000000006963788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9e18ca8a8b55782022-01-05 10:03:50.464root 11241100x80000000000000006963789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bab2ef2de8a5b5e2022-01-05 10:03:50.464root 11241100x80000000000000006963790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56a558de07023af2022-01-05 10:03:50.465root 11241100x80000000000000006963791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f177c8768de02b2022-01-05 10:03:50.465root 11241100x80000000000000006963792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c59222633aa5342022-01-05 10:03:50.465root 11241100x80000000000000006963793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5802996414664a62022-01-05 10:03:50.465root 11241100x80000000000000006963794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b738120e84f446522022-01-05 10:03:50.465root 11241100x80000000000000006963795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ca115e92216f842022-01-05 10:03:50.465root 11241100x80000000000000006963796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16389664945a45272022-01-05 10:03:50.465root 11241100x80000000000000006963797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f6d1eb7be8c5c52022-01-05 10:03:50.465root 11241100x80000000000000006963798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbd905920cda8f02022-01-05 10:03:50.465root 11241100x80000000000000006963799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7e107beafa3fbc2022-01-05 10:03:50.465root 11241100x80000000000000006963800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bf91d61e961f0d2022-01-05 10:03:50.961root 11241100x80000000000000006963801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5577d5e5a42c432022-01-05 10:03:50.961root 11241100x80000000000000006963802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d8fc71ae39c42f2022-01-05 10:03:50.961root 11241100x80000000000000006963803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4271f1672efef88c2022-01-05 10:03:50.961root 11241100x80000000000000006963804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f372b5be09dbda2022-01-05 10:03:50.961root 11241100x80000000000000006963805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd03b7243bf84f562022-01-05 10:03:50.961root 11241100x80000000000000006963806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461543dbd8337dc22022-01-05 10:03:50.961root 11241100x80000000000000006963807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f15502e619540cd2022-01-05 10:03:50.961root 11241100x80000000000000006963808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e37a310fa1e4d082022-01-05 10:03:50.961root 11241100x80000000000000006963809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced4738f3712dc1b2022-01-05 10:03:50.961root 11241100x80000000000000006963810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bf091eb3e4a3a32022-01-05 10:03:50.961root 11241100x80000000000000006963811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d30de2c11dc39062022-01-05 10:03:50.962root 11241100x80000000000000006963812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6235a9b1784399f2022-01-05 10:03:50.962root 11241100x80000000000000006963813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcbd99e69ae0d7c2022-01-05 10:03:50.962root 11241100x80000000000000006963814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3bb47d6df4bcdc2022-01-05 10:03:50.962root 11241100x80000000000000006963815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c9341382b066f32022-01-05 10:03:50.962root 11241100x80000000000000006963816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4b5b8f168e56d82022-01-05 10:03:50.962root 11241100x80000000000000006963817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae0fb2b3f3354172022-01-05 10:03:50.962root 11241100x80000000000000006963818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e77940251a66a82022-01-05 10:03:50.962root 11241100x80000000000000006963819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e09e71d54d9d0062022-01-05 10:03:50.962root 11241100x80000000000000006963820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8423f1b095585f822022-01-05 10:03:50.962root 11241100x80000000000000006963821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3872df2ead50474e2022-01-05 10:03:50.963root 11241100x80000000000000006963822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e529995d0dc0a52022-01-05 10:03:50.963root 11241100x80000000000000006963823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4975f1caf6a7c62022-01-05 10:03:50.963root 11241100x80000000000000006963824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea363d4ed5924ff72022-01-05 10:03:50.963root 11241100x80000000000000006963825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12299d22b7bf17912022-01-05 10:03:50.963root 11241100x80000000000000006963826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8258bca0d1d0673d2022-01-05 10:03:50.963root 11241100x80000000000000006963827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bcf011388f743c2022-01-05 10:03:50.963root 11241100x80000000000000006963828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177af19e469ec8dd2022-01-05 10:03:50.963root 11241100x80000000000000006963829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9bfc026d6013462022-01-05 10:03:50.963root 11241100x80000000000000006963830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a10d8f3a0d3a3cf2022-01-05 10:03:50.963root 11241100x80000000000000006963831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8504784700738e2022-01-05 10:03:50.964root 11241100x80000000000000006963832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e53650b08dd67d2022-01-05 10:03:50.964root 11241100x80000000000000006963833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97f247b94052c2b2022-01-05 10:03:50.964root 11241100x80000000000000006963834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a27dbc8c009f3152022-01-05 10:03:50.964root 11241100x80000000000000006963835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e474cdb0cc3fbd362022-01-05 10:03:50.964root 11241100x80000000000000006963836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b43f84e2d47a8de2022-01-05 10:03:50.964root 11241100x80000000000000006963837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63b8870214678812022-01-05 10:03:50.964root 11241100x80000000000000006963838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6124013a50fdb1c52022-01-05 10:03:50.964root 11241100x80000000000000006963839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7c7701e8bf38da2022-01-05 10:03:50.964root 11241100x80000000000000006963840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:50.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d667b8ba4afc711f2022-01-05 10:03:50.964root 354300x80000000000000006963841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.169{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41742-false10.0.1.12-8000- 11241100x80000000000000006963842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36be41384741a0bd2022-01-05 10:03:51.461root 11241100x80000000000000006963843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e118af18d81d8d2022-01-05 10:03:51.461root 11241100x80000000000000006963844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5666d57a4834679e2022-01-05 10:03:51.461root 11241100x80000000000000006963845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50153f5e8954025b2022-01-05 10:03:51.461root 11241100x80000000000000006963846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da6355b9ee1ae362022-01-05 10:03:51.461root 11241100x80000000000000006963847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e898d8dd701b998a2022-01-05 10:03:51.461root 11241100x80000000000000006963848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c62e128c35fe1a62022-01-05 10:03:51.461root 11241100x80000000000000006963849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb9232db9ce397d2022-01-05 10:03:51.461root 11241100x80000000000000006963850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f60e9b7d52251c2022-01-05 10:03:51.461root 11241100x80000000000000006963851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d7e1f8185a06302022-01-05 10:03:51.461root 11241100x80000000000000006963852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0e0c1fea95cf8d2022-01-05 10:03:51.461root 11241100x80000000000000006963853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c65941aa145adb2022-01-05 10:03:51.462root 11241100x80000000000000006963854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a45b26fea077872022-01-05 10:03:51.462root 11241100x80000000000000006963855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6819d91c55cc847d2022-01-05 10:03:51.462root 11241100x80000000000000006963856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f6d5fdfbbda1562022-01-05 10:03:51.462root 11241100x80000000000000006963857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343f16bbe860d60e2022-01-05 10:03:51.462root 11241100x80000000000000006963858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613a525b265de2b12022-01-05 10:03:51.462root 11241100x80000000000000006963859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5134c681a797392022-01-05 10:03:51.462root 11241100x80000000000000006963860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4362b9b0d341c82022-01-05 10:03:51.462root 11241100x80000000000000006963861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6d516fa4756a8a2022-01-05 10:03:51.462root 11241100x80000000000000006963862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4440ea6c686558b2022-01-05 10:03:51.462root 11241100x80000000000000006963863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64419b5e1ecee0a2022-01-05 10:03:51.462root 11241100x80000000000000006963864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7ab3c900cc2d722022-01-05 10:03:51.462root 11241100x80000000000000006963865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05870d9d02b4a0b82022-01-05 10:03:51.462root 11241100x80000000000000006963866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956820361f27f91c2022-01-05 10:03:51.462root 11241100x80000000000000006963867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3096ae3707ce4e5d2022-01-05 10:03:51.463root 11241100x80000000000000006963868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d15d0cdb4c117d82022-01-05 10:03:51.463root 11241100x80000000000000006963869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da896bff74fd7b702022-01-05 10:03:51.463root 11241100x80000000000000006963870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cfc7f66312e4d92022-01-05 10:03:51.463root 11241100x80000000000000006963871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dbf58159b64fd62022-01-05 10:03:51.463root 11241100x80000000000000006963872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a853eb1044ad382a2022-01-05 10:03:51.463root 11241100x80000000000000006963873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ac7a18b14a78892022-01-05 10:03:51.463root 11241100x80000000000000006963874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadfcddb9207606c2022-01-05 10:03:51.463root 11241100x80000000000000006963875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576f64317300ca2a2022-01-05 10:03:51.463root 11241100x80000000000000006963876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9b12450ef33ce92022-01-05 10:03:51.463root 11241100x80000000000000006963877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96554e5d176055c72022-01-05 10:03:51.463root 11241100x80000000000000006963878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b39d4a6046ae302022-01-05 10:03:51.464root 11241100x80000000000000006963879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3271d81c3ee33e392022-01-05 10:03:51.464root 11241100x80000000000000006963880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7aae73eca7e8332022-01-05 10:03:51.464root 11241100x80000000000000006963881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141207d302592f472022-01-05 10:03:51.464root 11241100x80000000000000006963882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d316d79a8e905f2022-01-05 10:03:51.464root 11241100x80000000000000006963883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb467cd0e0290ed2022-01-05 10:03:51.464root 11241100x80000000000000006963884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284ace63baf52ab72022-01-05 10:03:51.961root 11241100x80000000000000006963885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab072a3d21b14c992022-01-05 10:03:51.961root 11241100x80000000000000006963886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce74d7e6b6cb6922022-01-05 10:03:51.961root 11241100x80000000000000006963887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cad07ddc202035b2022-01-05 10:03:51.961root 11241100x80000000000000006963888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b134719f3573b02022-01-05 10:03:51.961root 11241100x80000000000000006963889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddadfcc66650b8182022-01-05 10:03:51.961root 11241100x80000000000000006963890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8892298d24ae9e8e2022-01-05 10:03:51.961root 11241100x80000000000000006963891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43f23a801d5c1e32022-01-05 10:03:51.961root 11241100x80000000000000006963892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d066f3b57c581f2022-01-05 10:03:51.961root 11241100x80000000000000006963893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d09a65682454622022-01-05 10:03:51.962root 11241100x80000000000000006963894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b8ef1e8b47a6bf2022-01-05 10:03:51.962root 11241100x80000000000000006963895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65595f6a20e992f92022-01-05 10:03:51.962root 11241100x80000000000000006963896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd995625419eb7e2022-01-05 10:03:51.962root 11241100x80000000000000006963897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209dc5ae8108ab812022-01-05 10:03:51.962root 11241100x80000000000000006963898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59bc0fda453d118d2022-01-05 10:03:51.962root 11241100x80000000000000006963899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ccd763612ffd6b2022-01-05 10:03:51.962root 11241100x80000000000000006963900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bbe0b52583d0ab2022-01-05 10:03:51.962root 11241100x80000000000000006963901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4fda248d5b730c2022-01-05 10:03:51.962root 11241100x80000000000000006963902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc051a9b968b43c2022-01-05 10:03:51.962root 11241100x80000000000000006963903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3523d6d917e3ea2022-01-05 10:03:51.963root 11241100x80000000000000006963904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afba9304381ccab92022-01-05 10:03:51.963root 11241100x80000000000000006963905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36acc7c555c3144f2022-01-05 10:03:51.963root 11241100x80000000000000006963906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a880b223519c8b0f2022-01-05 10:03:51.963root 11241100x80000000000000006963907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d9700f0b9dfccf2022-01-05 10:03:51.963root 11241100x80000000000000006963908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafe6cb14883688e2022-01-05 10:03:51.963root 11241100x80000000000000006963909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f2c209773634962022-01-05 10:03:51.963root 11241100x80000000000000006963910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b71e1b1d87acb82022-01-05 10:03:51.963root 11241100x80000000000000006963911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a6082f7f1169b52022-01-05 10:03:51.963root 11241100x80000000000000006963912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d56d944f7404262022-01-05 10:03:51.964root 11241100x80000000000000006963913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b014ba19f58841a42022-01-05 10:03:51.964root 11241100x80000000000000006963914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de23f9874bf6a0c72022-01-05 10:03:51.964root 11241100x80000000000000006963915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e7a065d82b7af72022-01-05 10:03:51.964root 11241100x80000000000000006963916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4433e47216b541662022-01-05 10:03:51.964root 11241100x80000000000000006963917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3088d0e234db7832022-01-05 10:03:51.964root 11241100x80000000000000006963918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef00c3cfa29bf412022-01-05 10:03:51.964root 11241100x80000000000000006963919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f99931a01d11dd12022-01-05 10:03:51.964root 11241100x80000000000000006963920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106af5a727a88aad2022-01-05 10:03:51.964root 11241100x80000000000000006963921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0d30d5409a1ccc2022-01-05 10:03:51.965root 11241100x80000000000000006963922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54598b7c1447bf8c2022-01-05 10:03:51.965root 11241100x80000000000000006963923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c955dcd738c9722022-01-05 10:03:51.965root 11241100x80000000000000006963924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a09ab17c823a68e2022-01-05 10:03:51.965root 11241100x80000000000000006963925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac3333bb1573af82022-01-05 10:03:51.965root 11241100x80000000000000006963926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:51.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7caf67597a58f902022-01-05 10:03:51.965root 11241100x80000000000000006963927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171ab20de23090d32022-01-05 10:03:52.461root 11241100x80000000000000006963928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d84c8f538fa3f02022-01-05 10:03:52.461root 11241100x80000000000000006963929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a5ee808c781b5a2022-01-05 10:03:52.461root 11241100x80000000000000006963930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c08f61ceb653c602022-01-05 10:03:52.461root 11241100x80000000000000006963931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7aabd9eb57817c2022-01-05 10:03:52.461root 11241100x80000000000000006963932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ed5b325758a4952022-01-05 10:03:52.461root 11241100x80000000000000006963933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebacca9576a71f372022-01-05 10:03:52.461root 11241100x80000000000000006963934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920f6cda715d6ef72022-01-05 10:03:52.461root 11241100x80000000000000006963935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5198d1e69a706d32022-01-05 10:03:52.461root 11241100x80000000000000006963936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ebbdcace5ade902022-01-05 10:03:52.461root 11241100x80000000000000006963937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6965a48ac839e22022-01-05 10:03:52.461root 11241100x80000000000000006963938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1121c20c59fc89632022-01-05 10:03:52.461root 11241100x80000000000000006963939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecc9797d4f621c32022-01-05 10:03:52.461root 11241100x80000000000000006963940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0380ec02c57551752022-01-05 10:03:52.462root 11241100x80000000000000006963941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4e4b0b4876e0382022-01-05 10:03:52.462root 11241100x80000000000000006963942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d084fba087eb480b2022-01-05 10:03:52.462root 11241100x80000000000000006963943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58067377867822552022-01-05 10:03:52.462root 11241100x80000000000000006963944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fd21c23198b2b32022-01-05 10:03:52.462root 11241100x80000000000000006963945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac134c404d6197052022-01-05 10:03:52.462root 11241100x80000000000000006963946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bdaeb3ed4db4292022-01-05 10:03:52.462root 11241100x80000000000000006963947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8daaa4534867eb2022-01-05 10:03:52.462root 11241100x80000000000000006963948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae65cf1061728bf2022-01-05 10:03:52.463root 11241100x80000000000000006963949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81da49dcce4a88432022-01-05 10:03:52.463root 11241100x80000000000000006963950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c434a253c6eecd32022-01-05 10:03:52.463root 11241100x80000000000000006963951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0ac3bfbdafc9172022-01-05 10:03:52.463root 11241100x80000000000000006963952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83c6207a8e3c0b32022-01-05 10:03:52.463root 11241100x80000000000000006963953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5100acc55b7d8ce22022-01-05 10:03:52.463root 11241100x80000000000000006963954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac479a1f5958579e2022-01-05 10:03:52.463root 11241100x80000000000000006963955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e3cc36019c89972022-01-05 10:03:52.463root 11241100x80000000000000006963956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc9d04aac180e6b2022-01-05 10:03:52.463root 11241100x80000000000000006963957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f266a1af02742b2022-01-05 10:03:52.463root 11241100x80000000000000006963958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613b430724e4170a2022-01-05 10:03:52.463root 11241100x80000000000000006963959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbf34cac321d8942022-01-05 10:03:52.463root 11241100x80000000000000006963960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e7fc63fda4cbec2022-01-05 10:03:52.464root 11241100x80000000000000006963961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea09975b814f52d2022-01-05 10:03:52.464root 11241100x80000000000000006963962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee34a247e4668b42022-01-05 10:03:52.464root 11241100x80000000000000006963963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1545bc2d1e9308832022-01-05 10:03:52.464root 11241100x80000000000000006963964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2003f396d8e6472022-01-05 10:03:52.464root 11241100x80000000000000006963965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81469144b916a12a2022-01-05 10:03:52.464root 11241100x80000000000000006963966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675dc313a9b211d32022-01-05 10:03:52.464root 11241100x80000000000000006963967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55775920f101e2572022-01-05 10:03:52.464root 11241100x80000000000000006963968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aad4e9586b1f9902022-01-05 10:03:52.464root 11241100x80000000000000006963969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2886435ff3f34f9a2022-01-05 10:03:52.961root 11241100x80000000000000006963970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f11aec5dacfdb52022-01-05 10:03:52.961root 11241100x80000000000000006963971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f39b7d010c038b2022-01-05 10:03:52.961root 11241100x80000000000000006963972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0c09dfd4cf1da02022-01-05 10:03:52.961root 11241100x80000000000000006963973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c0831cfe2d33712022-01-05 10:03:52.961root 11241100x80000000000000006963974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4087e9f4e8d36e62022-01-05 10:03:52.961root 11241100x80000000000000006963975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e117e6243a3f3f2f2022-01-05 10:03:52.961root 11241100x80000000000000006963976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2652c431d0892ac2022-01-05 10:03:52.961root 11241100x80000000000000006963977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f03c3fe6a735c9e2022-01-05 10:03:52.961root 11241100x80000000000000006963978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5ef227745c83ac2022-01-05 10:03:52.961root 11241100x80000000000000006963979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4c99204d9ac3f42022-01-05 10:03:52.961root 11241100x80000000000000006963980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2012e5bfd39154122022-01-05 10:03:52.961root 11241100x80000000000000006963981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29c8c3af658fb8b2022-01-05 10:03:52.961root 11241100x80000000000000006963982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1323e0b3ac29451e2022-01-05 10:03:52.962root 11241100x80000000000000006963983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c01f27e5cfc9832022-01-05 10:03:52.962root 11241100x80000000000000006963984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d59b1be848f158e2022-01-05 10:03:52.962root 11241100x80000000000000006963985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db3bda21e0dc8092022-01-05 10:03:52.962root 11241100x80000000000000006963986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a8503a7ca2573b2022-01-05 10:03:52.962root 11241100x80000000000000006963987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cce81126232dcff2022-01-05 10:03:52.962root 11241100x80000000000000006963988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb747fa6c15956922022-01-05 10:03:52.962root 11241100x80000000000000006963989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad9cf69ed93ec5f2022-01-05 10:03:52.962root 11241100x80000000000000006963990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dabb1f5c6c9ae162022-01-05 10:03:52.962root 11241100x80000000000000006963991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaf930fee0b5df82022-01-05 10:03:52.962root 11241100x80000000000000006963992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a51251149effbc02022-01-05 10:03:52.962root 11241100x80000000000000006963993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bfc99a840af67a2022-01-05 10:03:52.962root 11241100x80000000000000006963994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052e35c329d724c82022-01-05 10:03:52.962root 11241100x80000000000000006963995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0243ba63ad0db542022-01-05 10:03:52.962root 11241100x80000000000000006963996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918bbcff40ae50962022-01-05 10:03:52.962root 11241100x80000000000000006963997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bf3d50864004332022-01-05 10:03:52.962root 11241100x80000000000000006963998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961c2e2c7fc7a1c52022-01-05 10:03:52.963root 11241100x80000000000000006963999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ed5bc2d5f97be82022-01-05 10:03:52.963root 11241100x80000000000000006964000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca3d3c5d3ca5dee2022-01-05 10:03:52.963root 11241100x80000000000000006964001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cf900b8e86eade2022-01-05 10:03:52.963root 11241100x80000000000000006964002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c5409f9c048d232022-01-05 10:03:52.963root 11241100x80000000000000006964003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c986b2818ab88d0a2022-01-05 10:03:52.963root 11241100x80000000000000006964004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34d0a5d33bd4c292022-01-05 10:03:52.963root 11241100x80000000000000006964005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458181bbf156e0942022-01-05 10:03:52.963root 11241100x80000000000000006964006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b107dad90e10c9252022-01-05 10:03:52.963root 11241100x80000000000000006964007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fd7aff01a754032022-01-05 10:03:52.963root 11241100x80000000000000006964008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81252ce99e89daa12022-01-05 10:03:52.963root 11241100x80000000000000006964009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b657ea9fee688e2022-01-05 10:03:52.963root 11241100x80000000000000006964010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5744ca89a07141192022-01-05 10:03:52.963root 11241100x80000000000000006964011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9e95787e300cd62022-01-05 10:03:53.461root 11241100x80000000000000006964012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7b8a555ec43dc62022-01-05 10:03:53.461root 11241100x80000000000000006964013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f74c3479ea13be2022-01-05 10:03:53.461root 11241100x80000000000000006964014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334cc6fb22cee0a62022-01-05 10:03:53.462root 11241100x80000000000000006964015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29aa7d123fc4d4a82022-01-05 10:03:53.462root 11241100x80000000000000006964016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7ba3a6821288f82022-01-05 10:03:53.462root 11241100x80000000000000006964017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be151aa60554b94c2022-01-05 10:03:53.462root 11241100x80000000000000006964018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c12723738358bd2022-01-05 10:03:53.463root 11241100x80000000000000006964019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830f54deefe247e42022-01-05 10:03:53.463root 11241100x80000000000000006964020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efb6b3d474bf01e2022-01-05 10:03:53.463root 11241100x80000000000000006964021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56526507e6c3a14a2022-01-05 10:03:53.463root 11241100x80000000000000006964022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987d2cbe4c8005862022-01-05 10:03:53.463root 11241100x80000000000000006964023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b031eb9b39cbbcb2022-01-05 10:03:53.463root 11241100x80000000000000006964024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9479d08ca0daf8802022-01-05 10:03:53.463root 11241100x80000000000000006964025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83f33b92bda28a02022-01-05 10:03:53.463root 11241100x80000000000000006964026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5caac4ccef27fd12022-01-05 10:03:53.463root 11241100x80000000000000006964027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e08e744fae34e642022-01-05 10:03:53.463root 11241100x80000000000000006964028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aea7803c0948d2a2022-01-05 10:03:53.463root 11241100x80000000000000006964029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db6defff194f8982022-01-05 10:03:53.463root 11241100x80000000000000006964030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbdf8deedfab7c32022-01-05 10:03:53.464root 11241100x80000000000000006964031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed6c593e62501fa2022-01-05 10:03:53.464root 11241100x80000000000000006964032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e23d0e13f0cf9c2022-01-05 10:03:53.464root 11241100x80000000000000006964033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac3c7af6f88ebba2022-01-05 10:03:53.464root 11241100x80000000000000006964034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a65837b9f7377752022-01-05 10:03:53.464root 11241100x80000000000000006964035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec4e67ba68e3f662022-01-05 10:03:53.464root 11241100x80000000000000006964036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12113305ff2152702022-01-05 10:03:53.464root 11241100x80000000000000006964037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac3432b0c72306c2022-01-05 10:03:53.464root 11241100x80000000000000006964038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1456c38d2a8be1372022-01-05 10:03:53.464root 11241100x80000000000000006964039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e988f10f3b40d32022-01-05 10:03:53.464root 11241100x80000000000000006964040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422c0bac08b42de12022-01-05 10:03:53.464root 11241100x80000000000000006964041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ad31789023f9192022-01-05 10:03:53.465root 11241100x80000000000000006964042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368248b439ccfbd82022-01-05 10:03:53.465root 11241100x80000000000000006964043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087543e4d3eb43152022-01-05 10:03:53.465root 11241100x80000000000000006964044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c1b372907794172022-01-05 10:03:53.465root 11241100x80000000000000006964045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c51f68ed59b81402022-01-05 10:03:53.465root 11241100x80000000000000006964046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4524d576c856a21d2022-01-05 10:03:53.466root 11241100x80000000000000006964047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd100e158123e5cd2022-01-05 10:03:53.466root 11241100x80000000000000006964048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf542278f2e4089d2022-01-05 10:03:53.466root 11241100x80000000000000006964049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0c6c809fc73b2c2022-01-05 10:03:53.466root 11241100x80000000000000006964050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9083b7f2b7288b062022-01-05 10:03:53.466root 11241100x80000000000000006964051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bf694f902b407a2022-01-05 10:03:53.466root 11241100x80000000000000006964052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e46a93437c74822022-01-05 10:03:53.467root 11241100x80000000000000006964053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3225e71e5187c3b02022-01-05 10:03:53.961root 11241100x80000000000000006964054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475283839409d3922022-01-05 10:03:53.961root 11241100x80000000000000006964055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55d38b4d802c7c02022-01-05 10:03:53.961root 11241100x80000000000000006964056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bb5693538ba5e02022-01-05 10:03:53.961root 11241100x80000000000000006964057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ce813afbe9a7d12022-01-05 10:03:53.961root 11241100x80000000000000006964058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cecfebb2e881ee2022-01-05 10:03:53.961root 11241100x80000000000000006964059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc56157b31ef8ff82022-01-05 10:03:53.961root 11241100x80000000000000006964060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637d083c1891176c2022-01-05 10:03:53.962root 11241100x80000000000000006964061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28837d436cf7369d2022-01-05 10:03:53.962root 11241100x80000000000000006964062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec0d2293a0443792022-01-05 10:03:53.962root 11241100x80000000000000006964063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1811537c075979cf2022-01-05 10:03:53.962root 11241100x80000000000000006964064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46cb5d1c93568df2022-01-05 10:03:53.962root 11241100x80000000000000006964065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b5aac8c2b339162022-01-05 10:03:53.962root 11241100x80000000000000006964066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bb4c679dd122802022-01-05 10:03:53.962root 11241100x80000000000000006964067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98d84e68f0d5e052022-01-05 10:03:53.962root 11241100x80000000000000006964068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876e59620899e5a52022-01-05 10:03:53.962root 11241100x80000000000000006964069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6b7a165a50e6412022-01-05 10:03:53.962root 11241100x80000000000000006964070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08da98cc76d54b662022-01-05 10:03:53.963root 11241100x80000000000000006964071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cc38d46dd5048d2022-01-05 10:03:53.963root 11241100x80000000000000006964072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c938d6d0ebd3a2ff2022-01-05 10:03:53.963root 11241100x80000000000000006964073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26e5aa4466b3b192022-01-05 10:03:53.963root 11241100x80000000000000006964074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44ce3aa4b44bfb52022-01-05 10:03:53.963root 11241100x80000000000000006964075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616d5cf802a7c74c2022-01-05 10:03:53.963root 11241100x80000000000000006964076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8817508d263e12372022-01-05 10:03:53.963root 11241100x80000000000000006964077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38652dcf53258ae62022-01-05 10:03:53.963root 11241100x80000000000000006964078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2e5cf54a05e6a92022-01-05 10:03:53.963root 11241100x80000000000000006964079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45aaaa18653c59e72022-01-05 10:03:53.964root 11241100x80000000000000006964080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa2028f246478f32022-01-05 10:03:53.964root 11241100x80000000000000006964081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad98d75ebfb9be802022-01-05 10:03:53.964root 11241100x80000000000000006964082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c03a38f141fb072022-01-05 10:03:53.964root 11241100x80000000000000006964083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3272ce48826df32022-01-05 10:03:53.964root 11241100x80000000000000006964084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e2b89854118f8b2022-01-05 10:03:53.964root 11241100x80000000000000006964085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0980156bd0397e2022-01-05 10:03:53.964root 11241100x80000000000000006964086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841871fb7eb397972022-01-05 10:03:53.965root 11241100x80000000000000006964087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85dd9bdfd6cb9b72022-01-05 10:03:53.965root 11241100x80000000000000006964088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abc61bae253c3042022-01-05 10:03:53.965root 11241100x80000000000000006964089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc79d9cd8e2b33ee2022-01-05 10:03:53.965root 11241100x80000000000000006964090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee99aff8c3f09f7e2022-01-05 10:03:53.965root 11241100x80000000000000006964091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024ac3f67c6311792022-01-05 10:03:53.965root 11241100x80000000000000006964092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0065175b17e44c02022-01-05 10:03:53.965root 11241100x80000000000000006964093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cbf92653161ce12022-01-05 10:03:53.965root 11241100x80000000000000006964094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:53.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d75e3ae358efa552022-01-05 10:03:53.965root 11241100x80000000000000006964095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f832476ee475382022-01-05 10:03:54.461root 11241100x80000000000000006964096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36155700ff1c69262022-01-05 10:03:54.461root 11241100x80000000000000006964097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa9bdc6518611782022-01-05 10:03:54.461root 11241100x80000000000000006964098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309804c9bbd17c092022-01-05 10:03:54.461root 11241100x80000000000000006964099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d8f10884c5003f2022-01-05 10:03:54.461root 11241100x80000000000000006964100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efb2b565e7bae362022-01-05 10:03:54.461root 11241100x80000000000000006964101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d913140841d43102022-01-05 10:03:54.462root 11241100x80000000000000006964102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19cb2fa91032d522022-01-05 10:03:54.462root 11241100x80000000000000006964103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e812a9013ca3d12022-01-05 10:03:54.462root 11241100x80000000000000006964104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0145954a1c19a0102022-01-05 10:03:54.462root 11241100x80000000000000006964105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ae912de51add0d2022-01-05 10:03:54.462root 11241100x80000000000000006964106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c771e3b418e4fdc32022-01-05 10:03:54.462root 11241100x80000000000000006964107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6d365e9006bf972022-01-05 10:03:54.462root 11241100x80000000000000006964108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bcb1a9ee805e582022-01-05 10:03:54.462root 11241100x80000000000000006964109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781a73902811bbf22022-01-05 10:03:54.462root 11241100x80000000000000006964110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990770a5625163102022-01-05 10:03:54.462root 11241100x80000000000000006964111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f43f66778cb7dd02022-01-05 10:03:54.462root 11241100x80000000000000006964112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d73c44fb0b233d22022-01-05 10:03:54.462root 11241100x80000000000000006964113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c24e80a26ab3e62022-01-05 10:03:54.462root 11241100x80000000000000006964114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482385efea3287d42022-01-05 10:03:54.462root 11241100x80000000000000006964115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0eede817d7751d2022-01-05 10:03:54.462root 11241100x80000000000000006964116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50763de49fdff092022-01-05 10:03:54.463root 11241100x80000000000000006964117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b5fe0450154eb02022-01-05 10:03:54.463root 11241100x80000000000000006964118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01594121e7e99bb32022-01-05 10:03:54.463root 11241100x80000000000000006964119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e144e71eba6b872022-01-05 10:03:54.463root 11241100x80000000000000006964120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24dc2b1ddebe36982022-01-05 10:03:54.463root 11241100x80000000000000006964121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6bf5a56ab296382022-01-05 10:03:54.463root 11241100x80000000000000006964122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b077fa66816122c2022-01-05 10:03:54.463root 11241100x80000000000000006964123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4391b4a91921a5ee2022-01-05 10:03:54.463root 11241100x80000000000000006964124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f0563e1cbe9ba52022-01-05 10:03:54.463root 11241100x80000000000000006964125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06b00a79b3987312022-01-05 10:03:54.463root 11241100x80000000000000006964126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce2411fc913a43b2022-01-05 10:03:54.463root 11241100x80000000000000006964127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6af110345fc6ab2022-01-05 10:03:54.463root 11241100x80000000000000006964128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497c8486b559e2172022-01-05 10:03:54.463root 11241100x80000000000000006964129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1338685c22addba12022-01-05 10:03:54.463root 11241100x80000000000000006964130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c92650f3de222f2022-01-05 10:03:54.463root 11241100x80000000000000006964131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25d75c0edc8b2e82022-01-05 10:03:54.464root 11241100x80000000000000006964132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f480d164aea57ea22022-01-05 10:03:54.464root 11241100x80000000000000006964133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07d628f1a2abec32022-01-05 10:03:54.464root 11241100x80000000000000006964134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bf2a1167ac76a72022-01-05 10:03:54.464root 11241100x80000000000000006964135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74079955c562f2b52022-01-05 10:03:54.464root 11241100x80000000000000006964136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd11074daedca132022-01-05 10:03:54.464root 11241100x80000000000000006964137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20ade8d53ab89c52022-01-05 10:03:54.961root 11241100x80000000000000006964138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc379442eaf142c2022-01-05 10:03:54.961root 11241100x80000000000000006964139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787b1bc603745b272022-01-05 10:03:54.961root 11241100x80000000000000006964140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1719925cbf4030222022-01-05 10:03:54.961root 11241100x80000000000000006964141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316bdaec542b19c82022-01-05 10:03:54.961root 11241100x80000000000000006964142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76af51f518bdd15d2022-01-05 10:03:54.962root 11241100x80000000000000006964143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf89528fb8fb73d2022-01-05 10:03:54.962root 11241100x80000000000000006964144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0513eee941f98642022-01-05 10:03:54.962root 11241100x80000000000000006964145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c3b919f680e5a72022-01-05 10:03:54.962root 11241100x80000000000000006964146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e91da3527e236a2022-01-05 10:03:54.962root 11241100x80000000000000006964147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ebd2742f528c9b2022-01-05 10:03:54.962root 11241100x80000000000000006964148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538c6ba9dc8f44322022-01-05 10:03:54.962root 11241100x80000000000000006964149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7853e781fae883392022-01-05 10:03:54.962root 11241100x80000000000000006964150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9be887e6d0da822022-01-05 10:03:54.963root 11241100x80000000000000006964151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058422fe803ff3e42022-01-05 10:03:54.963root 11241100x80000000000000006964152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8c2b78015db7d72022-01-05 10:03:54.963root 11241100x80000000000000006964153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecc9455e5d1e8232022-01-05 10:03:54.963root 11241100x80000000000000006964154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115fcb93e8fb08a02022-01-05 10:03:54.963root 11241100x80000000000000006964155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca04d9b5111023b2022-01-05 10:03:54.963root 11241100x80000000000000006964156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92ed92262b2a2702022-01-05 10:03:54.963root 11241100x80000000000000006964157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f103b5797b05902022-01-05 10:03:54.963root 11241100x80000000000000006964158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a3f675023b4f012022-01-05 10:03:54.963root 11241100x80000000000000006964159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00491a3739d1fc222022-01-05 10:03:54.963root 11241100x80000000000000006964160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b19b4412c58831d2022-01-05 10:03:54.963root 11241100x80000000000000006964161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c175a9f0f7def4312022-01-05 10:03:54.963root 11241100x80000000000000006964162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9892215a6c7c7e562022-01-05 10:03:54.963root 11241100x80000000000000006964163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c646848118c1b62022-01-05 10:03:54.963root 11241100x80000000000000006964164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b553757677e1d52022-01-05 10:03:54.963root 11241100x80000000000000006964165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c8a6c62d59f8292022-01-05 10:03:54.964root 11241100x80000000000000006964166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a752cd01bad3d0a02022-01-05 10:03:54.964root 11241100x80000000000000006964167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066a246c80a768182022-01-05 10:03:54.964root 11241100x80000000000000006964168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623e48ef137ec72a2022-01-05 10:03:54.964root 11241100x80000000000000006964169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b45859151f272932022-01-05 10:03:54.964root 11241100x80000000000000006964170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486b43173c7419dc2022-01-05 10:03:54.964root 11241100x80000000000000006964171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab01b186772cb742022-01-05 10:03:54.964root 11241100x80000000000000006964172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d335ccba0b7689e2022-01-05 10:03:54.964root 11241100x80000000000000006964173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdaa3a08331afb3d2022-01-05 10:03:54.964root 11241100x80000000000000006964174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a48b8360257c80a2022-01-05 10:03:54.964root 11241100x80000000000000006964175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b848bbb27e3dbf32022-01-05 10:03:54.964root 11241100x80000000000000006964176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5464571934f862ed2022-01-05 10:03:54.964root 11241100x80000000000000006964177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a05b4dd665329d2022-01-05 10:03:54.964root 11241100x80000000000000006964178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:54.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679f68b191efcce62022-01-05 10:03:54.964root 11241100x80000000000000006964179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7209d8403952082022-01-05 10:03:55.461root 11241100x80000000000000006964180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95f1178ad0e1ce82022-01-05 10:03:55.461root 11241100x80000000000000006964181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c383f3cd2321d3292022-01-05 10:03:55.461root 11241100x80000000000000006964182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cf62771bbad6c12022-01-05 10:03:55.461root 11241100x80000000000000006964183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87ac5cbf6c901af2022-01-05 10:03:55.461root 11241100x80000000000000006964184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec8675d546996f92022-01-05 10:03:55.461root 11241100x80000000000000006964185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad945ab075ea08e32022-01-05 10:03:55.461root 11241100x80000000000000006964186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c75bb13355b38ec2022-01-05 10:03:55.461root 11241100x80000000000000006964187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8020b3964237c7b72022-01-05 10:03:55.462root 11241100x80000000000000006964188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474588fe0eaf7af32022-01-05 10:03:55.462root 11241100x80000000000000006964189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a01255a3da868f2022-01-05 10:03:55.462root 11241100x80000000000000006964190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cf56eb44d5d0d82022-01-05 10:03:55.462root 11241100x80000000000000006964191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3d2d3555fa8b972022-01-05 10:03:55.462root 11241100x80000000000000006964192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c09092682b959582022-01-05 10:03:55.462root 11241100x80000000000000006964193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ca0236c6a612452022-01-05 10:03:55.462root 11241100x80000000000000006964194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a656cd198db98692022-01-05 10:03:55.462root 11241100x80000000000000006964195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ec1196b019c53f2022-01-05 10:03:55.462root 11241100x80000000000000006964196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba54a5e2c0d4636d2022-01-05 10:03:55.462root 11241100x80000000000000006964197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e4f49158475c8b2022-01-05 10:03:55.462root 11241100x80000000000000006964198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bc002d40bcfeeb2022-01-05 10:03:55.462root 11241100x80000000000000006964199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5f35f23b8faa8d2022-01-05 10:03:55.462root 11241100x80000000000000006964200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283378386df856812022-01-05 10:03:55.462root 11241100x80000000000000006964201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cb01c64f9dae972022-01-05 10:03:55.462root 11241100x80000000000000006964202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b99a1f35d745d82022-01-05 10:03:55.462root 11241100x80000000000000006964203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e50b2eabcafad352022-01-05 10:03:55.463root 11241100x80000000000000006964204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cb3bf82ba4beb52022-01-05 10:03:55.463root 11241100x80000000000000006964205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3223c81a99fff9e02022-01-05 10:03:55.463root 11241100x80000000000000006964206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473ee59b7f53695d2022-01-05 10:03:55.463root 11241100x80000000000000006964207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10bda1546cb6c1b2022-01-05 10:03:55.463root 11241100x80000000000000006964208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fcad11c09dae652022-01-05 10:03:55.463root 11241100x80000000000000006964209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eaba496388b97f52022-01-05 10:03:55.463root 11241100x80000000000000006964210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e67aee97c75f372022-01-05 10:03:55.463root 11241100x80000000000000006964211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e63124a37ebb182022-01-05 10:03:55.463root 11241100x80000000000000006964212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3589dce1d03fe2332022-01-05 10:03:55.463root 11241100x80000000000000006964213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ece409c2aed7ee2022-01-05 10:03:55.464root 11241100x80000000000000006964214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcef7a429a494752022-01-05 10:03:55.464root 11241100x80000000000000006964215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce581c4fd50b1d742022-01-05 10:03:55.464root 11241100x80000000000000006964216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f14b19006f89c32022-01-05 10:03:55.464root 11241100x80000000000000006964217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c5c3d2ae07323a2022-01-05 10:03:55.464root 11241100x80000000000000006964218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bd79c11a1aa0bd2022-01-05 10:03:55.464root 11241100x80000000000000006964219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a901741a4d2a8292022-01-05 10:03:55.465root 11241100x80000000000000006964220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90412ca68a1152702022-01-05 10:03:55.465root 11241100x80000000000000006964221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c436bb8d9d12a8852022-01-05 10:03:55.961root 11241100x80000000000000006964222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d529dfca57475672022-01-05 10:03:55.961root 11241100x80000000000000006964223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37ac751f7ff26122022-01-05 10:03:55.961root 11241100x80000000000000006964224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ce91adb6fd26c32022-01-05 10:03:55.961root 11241100x80000000000000006964225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32320c78a96959a62022-01-05 10:03:55.961root 11241100x80000000000000006964226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62596207185ed5db2022-01-05 10:03:55.961root 11241100x80000000000000006964227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecef1a92f4c1b832022-01-05 10:03:55.961root 11241100x80000000000000006964228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1e36f8161463e02022-01-05 10:03:55.961root 11241100x80000000000000006964229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809857bc1cbe15842022-01-05 10:03:55.961root 11241100x80000000000000006964230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706f0fbddc8a9bd42022-01-05 10:03:55.961root 11241100x80000000000000006964231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272e6f2b50a041d62022-01-05 10:03:55.961root 11241100x80000000000000006964232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33181d53b60684a22022-01-05 10:03:55.961root 11241100x80000000000000006964233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbab1cbc698010a2022-01-05 10:03:55.962root 11241100x80000000000000006964234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fa8225c6ef14b32022-01-05 10:03:55.962root 11241100x80000000000000006964235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acfdb8caa68a87d2022-01-05 10:03:55.962root 11241100x80000000000000006964236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee99c49d7db799d2022-01-05 10:03:55.962root 11241100x80000000000000006964237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea70530c9a3e950a2022-01-05 10:03:55.962root 11241100x80000000000000006964238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e16396dbee08372022-01-05 10:03:55.962root 11241100x80000000000000006964239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f64edb49ed62c632022-01-05 10:03:55.962root 11241100x80000000000000006964240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8229366504c7cd52022-01-05 10:03:55.962root 11241100x80000000000000006964241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea4181995feabaa2022-01-05 10:03:55.962root 11241100x80000000000000006964242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1757ccd12e988422022-01-05 10:03:55.962root 11241100x80000000000000006964243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6c250f1b390c422022-01-05 10:03:55.962root 11241100x80000000000000006964244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55ec81a0a1c6f502022-01-05 10:03:55.962root 11241100x80000000000000006964245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98e82aa119929582022-01-05 10:03:55.962root 11241100x80000000000000006964246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7a58c7ff7ef4062022-01-05 10:03:55.962root 11241100x80000000000000006964247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c083883b100d5a6f2022-01-05 10:03:55.962root 11241100x80000000000000006964248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0f4bd423f336e82022-01-05 10:03:55.963root 11241100x80000000000000006964249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023a5806fb39ef0f2022-01-05 10:03:55.963root 11241100x80000000000000006964250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0ebb9e7c7addc62022-01-05 10:03:55.963root 11241100x80000000000000006964251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa97470432740a62022-01-05 10:03:55.963root 11241100x80000000000000006964252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173463c3dac6ac542022-01-05 10:03:55.963root 11241100x80000000000000006964253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c3ad492fa0cfaf2022-01-05 10:03:55.963root 11241100x80000000000000006964254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73549f1d74a4d4402022-01-05 10:03:55.963root 11241100x80000000000000006964255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b94b66970f1db012022-01-05 10:03:55.963root 11241100x80000000000000006964256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4f010b7e476c902022-01-05 10:03:55.963root 11241100x80000000000000006964257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3640061de16a1cb2022-01-05 10:03:55.963root 11241100x80000000000000006964258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a51dd7cbe35c5e2022-01-05 10:03:55.964root 11241100x80000000000000006964259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aad39e875f826562022-01-05 10:03:55.964root 11241100x80000000000000006964260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9d2d41b15a9abe2022-01-05 10:03:55.964root 11241100x80000000000000006964261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5373073a917e51f22022-01-05 10:03:55.964root 11241100x80000000000000006964262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:55.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3a8466af9005162022-01-05 10:03:55.964root 11241100x80000000000000006964263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b33507232ce8f6f2022-01-05 10:03:56.461root 11241100x80000000000000006964264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9afd733472cf9fd2022-01-05 10:03:56.461root 11241100x80000000000000006964265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839ed7b97d8aa3b72022-01-05 10:03:56.461root 11241100x80000000000000006964266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bc94e7fbb143cd2022-01-05 10:03:56.461root 11241100x80000000000000006964267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb08a77549a3de302022-01-05 10:03:56.461root 11241100x80000000000000006964268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35550582deb72692022-01-05 10:03:56.461root 11241100x80000000000000006964269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f514dcfd4973be6d2022-01-05 10:03:56.461root 11241100x80000000000000006964270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2726e59c671cb30c2022-01-05 10:03:56.462root 11241100x80000000000000006964271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb987f4201deffae2022-01-05 10:03:56.462root 11241100x80000000000000006964272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d817c0133fe35382022-01-05 10:03:56.462root 11241100x80000000000000006964273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c3e666a19384902022-01-05 10:03:56.462root 11241100x80000000000000006964274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f73e2ab8e1bfaba2022-01-05 10:03:56.462root 11241100x80000000000000006964275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9883b071da9b16c52022-01-05 10:03:56.462root 11241100x80000000000000006964276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebbf1b19b7a8dd62022-01-05 10:03:56.462root 11241100x80000000000000006964277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5aa1d2576feb212022-01-05 10:03:56.462root 11241100x80000000000000006964278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edbdfae65af42502022-01-05 10:03:56.462root 11241100x80000000000000006964279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42cacfb845c69ae2022-01-05 10:03:56.462root 11241100x80000000000000006964280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9798af83b3797b42022-01-05 10:03:56.463root 11241100x80000000000000006964281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c90a384221029072022-01-05 10:03:56.463root 11241100x80000000000000006964282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8148cd94b40638fb2022-01-05 10:03:56.463root 11241100x80000000000000006964283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73234c67549600b2022-01-05 10:03:56.463root 11241100x80000000000000006964284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad63e012660a8d702022-01-05 10:03:56.463root 11241100x80000000000000006964285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fe140c3a8f42582022-01-05 10:03:56.463root 11241100x80000000000000006964286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f6e5fd52b7e99b2022-01-05 10:03:56.463root 11241100x80000000000000006964287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc2d219785ea43b2022-01-05 10:03:56.463root 11241100x80000000000000006964288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e3aa4be025cf0f2022-01-05 10:03:56.463root 11241100x80000000000000006964289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2759c7c5243a0e782022-01-05 10:03:56.464root 11241100x80000000000000006964290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67ac69401c090f42022-01-05 10:03:56.464root 11241100x80000000000000006964291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fcc438c0c8e5492022-01-05 10:03:56.464root 11241100x80000000000000006964292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7048962426b04122022-01-05 10:03:56.464root 11241100x80000000000000006964293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c954c45a9667302022-01-05 10:03:56.464root 11241100x80000000000000006964337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:59.220{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 10:03:59.220root 11241100x80000000000000006964338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:03:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae3fa46b227012d2022-01-05 10:03:59.709root 11241100x80000000000000006964339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:00.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c88680f41eeb072022-01-05 10:04:00.209root 11241100x80000000000000006964340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:00.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cc6a0bf0048f3b2022-01-05 10:04:00.709root 11241100x80000000000000006964341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:01.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1842d396744642782022-01-05 10:04:01.209root 11241100x80000000000000006964342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:01.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd19e496089aa122022-01-05 10:04:01.709root 354300x80000000000000006964343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:02.075{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41746-false10.0.1.12-8000- 11241100x80000000000000006964344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:02.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c733c9577fca817f2022-01-05 10:04:02.075root 23542300x80000000000000006964345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:02.166{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006964346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:02.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e42ec8176e7c68f2022-01-05 10:04:02.459root 11241100x80000000000000006964347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:02.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4477e842e8e3fb0c2022-01-05 10:04:02.459root 11241100x80000000000000006964348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:02.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a261a64d910e01bf2022-01-05 10:04:02.459root 11241100x80000000000000006964349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:02.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2380a8c5bd810aa2022-01-05 10:04:02.959root 11241100x80000000000000006964350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:02.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddc4db91364a5c62022-01-05 10:04:02.959root 11241100x80000000000000006964351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:02.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094fc28a28f307ed2022-01-05 10:04:02.959root 11241100x80000000000000006964352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:03.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bb874e4d80404b2022-01-05 10:04:03.459root 11241100x80000000000000006964353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:03.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb6bcc355e4f3822022-01-05 10:04:03.459root 11241100x80000000000000006964354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:03.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddeff6dd5974f642022-01-05 10:04:03.459root 11241100x80000000000000006964355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:03.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4bb3ea8adff1b02022-01-05 10:04:03.959root 11241100x80000000000000006964356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:03.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2489d4a7b110a7962022-01-05 10:04:03.959root 11241100x80000000000000006964357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:03.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86117a4a480c01722022-01-05 10:04:03.959root 11241100x80000000000000006964358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd64d9aa81c87d92022-01-05 10:04:04.459root 11241100x80000000000000006964359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9ffe23dc98770e2022-01-05 10:04:04.459root 11241100x80000000000000006964360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88383abea1f40b82022-01-05 10:04:04.459root 11241100x80000000000000006964361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1c3a5d21e154642022-01-05 10:04:04.959root 11241100x80000000000000006964362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477cf95cf09f44872022-01-05 10:04:04.959root 11241100x80000000000000006964363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1247e83873ba1882022-01-05 10:04:04.959root 11241100x80000000000000006964364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f86b50590eb1912022-01-05 10:04:05.459root 11241100x80000000000000006964365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183df46a3d85653e2022-01-05 10:04:05.459root 11241100x80000000000000006964366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4172b711fe896cc22022-01-05 10:04:05.459root 11241100x80000000000000006964367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58282ef3928352a2022-01-05 10:04:05.959root 11241100x80000000000000006964368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8ccb88137e51e82022-01-05 10:04:05.959root 11241100x80000000000000006964369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be66e5b3ea5346d2022-01-05 10:04:05.959root 11241100x80000000000000006964370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15fb4d2694e361d2022-01-05 10:04:06.459root 11241100x80000000000000006964371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65870a813478f182022-01-05 10:04:06.459root 11241100x80000000000000006964372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b8c4b32eabcce12022-01-05 10:04:06.459root 11241100x80000000000000006964373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fe62b716fb70282022-01-05 10:04:06.959root 11241100x80000000000000006964374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e072064fd284a42022-01-05 10:04:06.959root 11241100x80000000000000006964375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb421057e3f575c2022-01-05 10:04:06.959root 354300x80000000000000006964376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:07.169{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41748-false10.0.1.12-8000- 11241100x80000000000000006964377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bf4af79f2f37f02022-01-05 10:04:07.459root 11241100x80000000000000006964378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d87515ce780f112022-01-05 10:04:07.459root 11241100x80000000000000006964379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51753a8b722532b02022-01-05 10:04:07.459root 11241100x80000000000000006964380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c43c50f155f508c2022-01-05 10:04:07.459root 11241100x80000000000000006964381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bdfad7e1bfcf5c2022-01-05 10:04:07.959root 11241100x80000000000000006964382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0d905c7d8c4ff02022-01-05 10:04:07.959root 11241100x80000000000000006964383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4b0a4579b9a26f2022-01-05 10:04:07.959root 11241100x80000000000000006964384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976b90784605b3e12022-01-05 10:04:07.959root 11241100x80000000000000006964385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb935d879212e8ca2022-01-05 10:04:08.459root 11241100x80000000000000006964386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3781346d618bfd042022-01-05 10:04:08.459root 11241100x80000000000000006964387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2e9354bce1b7872022-01-05 10:04:08.459root 11241100x80000000000000006964388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299260c77243d9df2022-01-05 10:04:08.459root 11241100x80000000000000006964389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b02b00b80b97dc52022-01-05 10:04:08.959root 11241100x80000000000000006964390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fae7ccba39beed2022-01-05 10:04:08.959root 11241100x80000000000000006964391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfa18cab1449e012022-01-05 10:04:08.959root 11241100x80000000000000006964392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a3b7bcf0f6ad0d2022-01-05 10:04:08.959root 11241100x80000000000000006964393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec2c9a776b768142022-01-05 10:04:09.459root 11241100x80000000000000006964394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a235e3874db27c2022-01-05 10:04:09.459root 11241100x80000000000000006964395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027de8af0c5034192022-01-05 10:04:09.459root 11241100x80000000000000006964396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33da7267c61fdac42022-01-05 10:04:09.459root 11241100x80000000000000006964397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3820bb2fe8faa4222022-01-05 10:04:09.959root 11241100x80000000000000006964398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a786fdc90ed2062022-01-05 10:04:09.959root 11241100x80000000000000006964399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a73f406a3c064492022-01-05 10:04:09.959root 11241100x80000000000000006964400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f85b1bab819a9f2022-01-05 10:04:09.959root 11241100x80000000000000006964401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc0ef6f130065722022-01-05 10:04:10.459root 11241100x80000000000000006964402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27253aeb0373d5b72022-01-05 10:04:10.459root 11241100x80000000000000006964403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d6e9e42034cb2f2022-01-05 10:04:10.459root 11241100x80000000000000006964404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2530239a68a08ec32022-01-05 10:04:10.459root 11241100x80000000000000006964405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50c1bd5de087ca92022-01-05 10:04:10.959root 11241100x80000000000000006964406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e188602525d4e8e2022-01-05 10:04:10.959root 11241100x80000000000000006964407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c23a58ee0205162022-01-05 10:04:10.959root 11241100x80000000000000006964408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57858847c4b538442022-01-05 10:04:10.959root 11241100x80000000000000006964409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b0ce0f3c402ce92022-01-05 10:04:11.459root 11241100x80000000000000006964410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd95217089d269192022-01-05 10:04:11.459root 11241100x80000000000000006964411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06027ce3d3805fe2022-01-05 10:04:11.459root 11241100x80000000000000006964412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490348be74e004e72022-01-05 10:04:11.459root 11241100x80000000000000006964413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b193696d051d852022-01-05 10:04:11.959root 11241100x80000000000000006964414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4772f868fa046db12022-01-05 10:04:11.959root 11241100x80000000000000006964415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b2790d594867b72022-01-05 10:04:11.959root 11241100x80000000000000006964416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9f41142286a21e2022-01-05 10:04:11.959root 354300x80000000000000006964417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:12.226{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41750-false10.0.1.12-8000- 11241100x80000000000000006964418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:12.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb800bcc0c16e522022-01-05 10:04:12.227root 11241100x80000000000000006964419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:12.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00be2bae23eefd4f2022-01-05 10:04:12.227root 11241100x80000000000000006964420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:12.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c76a55ed545a692022-01-05 10:04:12.227root 11241100x80000000000000006964421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:12.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1ccf3940c11b652022-01-05 10:04:12.227root 11241100x80000000000000006964422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:12.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbff3124ae5a59002022-01-05 10:04:12.227root 11241100x80000000000000006964423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d918a21f97cbb3292022-01-05 10:04:12.709root 11241100x80000000000000006964424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f46fdb37f83e8f12022-01-05 10:04:12.709root 11241100x80000000000000006964425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556bdf859b8092642022-01-05 10:04:12.710root 11241100x80000000000000006964426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a456a904323153732022-01-05 10:04:12.710root 11241100x80000000000000006964427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f923a69f64b7742d2022-01-05 10:04:12.710root 11241100x80000000000000006964428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:13.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a509e2d096983882022-01-05 10:04:13.209root 11241100x80000000000000006964429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:13.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3f32f6629c39dc2022-01-05 10:04:13.209root 11241100x80000000000000006964430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984cdf618acdfaae2022-01-05 10:04:13.210root 11241100x80000000000000006964431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ede8af30a72e542022-01-05 10:04:13.210root 11241100x80000000000000006964432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25703fe8770ae0a2022-01-05 10:04:13.210root 11241100x80000000000000006964433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52f482fa3507f372022-01-05 10:04:13.709root 11241100x80000000000000006964434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63b12040d8a0b1b2022-01-05 10:04:13.709root 11241100x80000000000000006964435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c379776cad0da042022-01-05 10:04:13.709root 11241100x80000000000000006964436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0442974d5b1d73252022-01-05 10:04:13.709root 11241100x80000000000000006964437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e57863ff16e26c2022-01-05 10:04:13.710root 11241100x80000000000000006964438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333bddd20506ee462022-01-05 10:04:14.209root 11241100x80000000000000006964439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c550eae4856180a2022-01-05 10:04:14.209root 11241100x80000000000000006964440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20628e83134631e62022-01-05 10:04:14.209root 11241100x80000000000000006964441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3539e9b300e46bc92022-01-05 10:04:14.209root 11241100x80000000000000006964442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec88fc8335b8bbe2022-01-05 10:04:14.209root 11241100x80000000000000006964443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:14.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c9b626125333712022-01-05 10:04:14.709root 11241100x80000000000000006964444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:14.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515433c2fdd2070a2022-01-05 10:04:14.709root 11241100x80000000000000006964445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:14.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e821e5b8861e1a32022-01-05 10:04:14.709root 11241100x80000000000000006964446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:14.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ff2e4989c76c612022-01-05 10:04:14.709root 11241100x80000000000000006964447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:14.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d7c57538f8cbe92022-01-05 10:04:14.709root 11241100x80000000000000006964448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:15.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898b6877971db4ea2022-01-05 10:04:15.209root 11241100x80000000000000006964449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:15.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a416433962c2c42022-01-05 10:04:15.209root 11241100x80000000000000006964450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:15.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17386f131504ab512022-01-05 10:04:15.209root 11241100x80000000000000006964451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:15.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194ca092b00261242022-01-05 10:04:15.209root 11241100x80000000000000006964452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:15.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd39b796e59538192022-01-05 10:04:15.209root 11241100x80000000000000006964453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:15.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce416e484431c7d2022-01-05 10:04:15.709root 11241100x80000000000000006964454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:15.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fe69d15f10f6b82022-01-05 10:04:15.709root 11241100x80000000000000006964455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:15.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c735867537cb8512022-01-05 10:04:15.709root 11241100x80000000000000006964456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:15.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a40655729aabeba2022-01-05 10:04:15.709root 11241100x80000000000000006964457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260b8a82f2907f0a2022-01-05 10:04:15.710root 11241100x80000000000000006964458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:16.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c1f05002aae0db2022-01-05 10:04:16.209root 11241100x80000000000000006964459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:16.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4809c49438e3eb142022-01-05 10:04:16.209root 11241100x80000000000000006964460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:16.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f049fdac3b6337622022-01-05 10:04:16.209root 11241100x80000000000000006964461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea85ff952609a4d2022-01-05 10:04:16.210root 11241100x80000000000000006964462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a19d64351293d9d2022-01-05 10:04:16.210root 11241100x80000000000000006964463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:16.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c8df825ac4c5f72022-01-05 10:04:16.709root 11241100x80000000000000006964464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:16.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4d639d9771f3b52022-01-05 10:04:16.709root 11241100x80000000000000006964465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:16.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c11a816cad03462022-01-05 10:04:16.709root 11241100x80000000000000006964466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:16.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec07e35b40b366a2022-01-05 10:04:16.709root 11241100x80000000000000006964467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:16.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd134d45666e71392022-01-05 10:04:16.709root 11241100x80000000000000006964468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9de543f9cbad41a2022-01-05 10:04:17.209root 11241100x80000000000000006964469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6775df7daf385e6d2022-01-05 10:04:17.209root 11241100x80000000000000006964470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5424c02bf60b379b2022-01-05 10:04:17.209root 11241100x80000000000000006964471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72036eddf1ac68652022-01-05 10:04:17.209root 11241100x80000000000000006964472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44940d824ade47852022-01-05 10:04:17.209root 354300x80000000000000006964473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:17.248{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41752-false10.0.1.12-8000- 11241100x80000000000000006964474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:17.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0372507c91e7dad72022-01-05 10:04:17.709root 11241100x80000000000000006964475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:17.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c6fb4a4e1e34cc2022-01-05 10:04:17.709root 11241100x80000000000000006964476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:17.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72d2ef7aa88e5492022-01-05 10:04:17.709root 11241100x80000000000000006964477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:17.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dd1e8e09e3b4212022-01-05 10:04:17.709root 11241100x80000000000000006964478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46bd150eae6f5762022-01-05 10:04:17.710root 11241100x80000000000000006964479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5592092f5edb0f9a2022-01-05 10:04:17.710root 11241100x80000000000000006964480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:18.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95cade7406efb092022-01-05 10:04:18.209root 11241100x80000000000000006964481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:18.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d0ff652a2cef452022-01-05 10:04:18.209root 11241100x80000000000000006964482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:18.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1716f299b220c3022022-01-05 10:04:18.209root 11241100x80000000000000006964483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:18.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f874b4f7025e53a2022-01-05 10:04:18.209root 11241100x80000000000000006964484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8973c52c2a7eac582022-01-05 10:04:18.210root 11241100x80000000000000006964485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0d1af18282e9d32022-01-05 10:04:18.210root 11241100x80000000000000006964486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:18.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf8b4cf9865494a2022-01-05 10:04:18.709root 11241100x80000000000000006964487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:18.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e3b4e67eb189552022-01-05 10:04:18.709root 11241100x80000000000000006964488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:18.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e88b183e01a1f12022-01-05 10:04:18.709root 11241100x80000000000000006964489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:18.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4841e9dec76cdae52022-01-05 10:04:18.709root 11241100x80000000000000006964490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:18.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65087bbe216961c82022-01-05 10:04:18.709root 11241100x80000000000000006964491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:18.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7743552c9a065a2022-01-05 10:04:18.709root 11241100x80000000000000006964492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:19.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c382bedd2d41922022-01-05 10:04:19.209root 11241100x80000000000000006964493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:19.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05dac36826ad7582022-01-05 10:04:19.209root 11241100x80000000000000006964494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad437740b02ae7ce2022-01-05 10:04:19.210root 11241100x80000000000000006964495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d30c827fa643a702022-01-05 10:04:19.210root 11241100x80000000000000006964496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6a8404fe05aaa22022-01-05 10:04:19.210root 11241100x80000000000000006964497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5328eb9bab5cce172022-01-05 10:04:19.210root 11241100x80000000000000006964498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:19.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de9eaf93ea73f5f2022-01-05 10:04:19.709root 11241100x80000000000000006964499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:19.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dfba8d043dbfef2022-01-05 10:04:19.709root 11241100x80000000000000006964500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:19.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e928b64d4160ebad2022-01-05 10:04:19.709root 11241100x80000000000000006964501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:19.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86e70bae96c8c922022-01-05 10:04:19.709root 11241100x80000000000000006964502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc9506044e8ca6b2022-01-05 10:04:19.710root 11241100x80000000000000006964503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322bf28dd4a779872022-01-05 10:04:19.710root 11241100x80000000000000006964504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:20.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bf98f2470b5df42022-01-05 10:04:20.209root 11241100x80000000000000006964505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:20.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb69fefbe383fa152022-01-05 10:04:20.209root 11241100x80000000000000006964506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:20.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7405f0db644bb542022-01-05 10:04:20.209root 11241100x80000000000000006964507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:20.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b59f8882f0c12bf2022-01-05 10:04:20.209root 11241100x80000000000000006964508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c106a4f557c154b2022-01-05 10:04:20.210root 11241100x80000000000000006964509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd53caf03880a26e2022-01-05 10:04:20.210root 11241100x80000000000000006964510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa732bd9760601e72022-01-05 10:04:20.709root 11241100x80000000000000006964511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82e0c27a35534392022-01-05 10:04:20.709root 11241100x80000000000000006964512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aae8996781b5cfb2022-01-05 10:04:20.709root 11241100x80000000000000006964513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f6a93f3c8dea982022-01-05 10:04:20.709root 11241100x80000000000000006964514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bbe9899fee8dc92022-01-05 10:04:20.710root 11241100x80000000000000006964515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64814399ee4ef5f2022-01-05 10:04:20.710root 11241100x80000000000000006964516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:21.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f38cc64afa11772022-01-05 10:04:21.209root 11241100x80000000000000006964517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:21.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965e09350f64962e2022-01-05 10:04:21.209root 11241100x80000000000000006964518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:21.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55062d8445f794442022-01-05 10:04:21.209root 11241100x80000000000000006964519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:21.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2573c1ebee111c5a2022-01-05 10:04:21.209root 11241100x80000000000000006964520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93beed2c2a0946c2022-01-05 10:04:21.210root 11241100x80000000000000006964521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a00510c3d516792022-01-05 10:04:21.210root 11241100x80000000000000006964522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:21.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632bd35f2fc64aa62022-01-05 10:04:21.709root 11241100x80000000000000006964523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:21.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff8e8ebe4aa3aa92022-01-05 10:04:21.709root 11241100x80000000000000006964524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:21.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5058d392d083e92022-01-05 10:04:21.709root 11241100x80000000000000006964525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:21.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d4a9bfe8965b972022-01-05 10:04:21.709root 11241100x80000000000000006964526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad208e59e66c0a842022-01-05 10:04:21.710root 11241100x80000000000000006964527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c7331392fad8112022-01-05 10:04:21.710root 11241100x80000000000000006964528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:22.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419f365eecb06a9a2022-01-05 10:04:22.210root 11241100x80000000000000006964529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:22.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e84a521a1adbcb2022-01-05 10:04:22.210root 11241100x80000000000000006964530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:22.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268562f8b552cef52022-01-05 10:04:22.210root 11241100x80000000000000006964531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:22.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5085475b833c7c2022-01-05 10:04:22.210root 11241100x80000000000000006964532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:22.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dcc2a73a2170fd2022-01-05 10:04:22.211root 11241100x80000000000000006964533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:22.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43694f5aa728c3c2022-01-05 10:04:22.211root 11241100x80000000000000006964534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:22.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705e69c4086ae8472022-01-05 10:04:22.709root 11241100x80000000000000006964535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:22.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0ad427bd157dc72022-01-05 10:04:22.709root 11241100x80000000000000006964536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:22.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44516caf6fff83a2022-01-05 10:04:22.709root 11241100x80000000000000006964537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:22.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeec21d093d5cd002022-01-05 10:04:22.709root 11241100x80000000000000006964538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951a9e75f5925ce32022-01-05 10:04:22.710root 11241100x80000000000000006964539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a86ab81c6124572022-01-05 10:04:22.710root 354300x80000000000000006964540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.059{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41754-false10.0.1.12-8000- 11241100x80000000000000006964541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.060{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c5e4edfe3db7bd2022-01-05 10:04:23.060root 11241100x80000000000000006964542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.060{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ef7926094647ee2022-01-05 10:04:23.060root 11241100x80000000000000006964543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f12b1abeb37ce552022-01-05 10:04:23.061root 11241100x80000000000000006964544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71b8fbd0769acd62022-01-05 10:04:23.061root 11241100x80000000000000006964545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009df1306fac39cb2022-01-05 10:04:23.061root 11241100x80000000000000006964546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6e4618b07400092022-01-05 10:04:23.061root 11241100x80000000000000006964547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b906eec9f75725f2022-01-05 10:04:23.061root 11241100x80000000000000006964548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b69e86af10c37562022-01-05 10:04:23.459root 11241100x80000000000000006964549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7541d8a9a8f12de42022-01-05 10:04:23.459root 11241100x80000000000000006964550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f542580281219bd62022-01-05 10:04:23.459root 11241100x80000000000000006964551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a212ff86368e7d72022-01-05 10:04:23.459root 11241100x80000000000000006964552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe50829143e57f02022-01-05 10:04:23.460root 11241100x80000000000000006964553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a492de347034d9d62022-01-05 10:04:23.460root 11241100x80000000000000006964554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f40cafb6e268c2b2022-01-05 10:04:23.460root 11241100x80000000000000006964555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fd6a20ce1c14d72022-01-05 10:04:23.959root 11241100x80000000000000006964556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502c834d0a8b573c2022-01-05 10:04:23.959root 11241100x80000000000000006964557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af13cf18d1186a12022-01-05 10:04:23.960root 11241100x80000000000000006964558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddb5a44fe209ac32022-01-05 10:04:23.960root 11241100x80000000000000006964559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf9109b18ae10cb2022-01-05 10:04:23.960root 11241100x80000000000000006964560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2201c2210c905a62022-01-05 10:04:23.960root 11241100x80000000000000006964561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7069d527e1d502ef2022-01-05 10:04:23.960root 11241100x80000000000000006964562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee326c85e88d9c882022-01-05 10:04:24.459root 11241100x80000000000000006964563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6a52b0de845bf92022-01-05 10:04:24.459root 11241100x80000000000000006964564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e388dd28707bafe92022-01-05 10:04:24.460root 11241100x80000000000000006964565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eadf514be1640e92022-01-05 10:04:24.460root 11241100x80000000000000006964566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c7d756d40c18592022-01-05 10:04:24.460root 11241100x80000000000000006964567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369c0e004ec1c1b92022-01-05 10:04:24.460root 11241100x80000000000000006964568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1f547958d65a5c2022-01-05 10:04:24.460root 11241100x80000000000000006964569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dea59956bbe02c2022-01-05 10:04:24.959root 11241100x80000000000000006964570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4257b9c7016aab722022-01-05 10:04:24.959root 11241100x80000000000000006964571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99f42e17d17c6002022-01-05 10:04:24.960root 11241100x80000000000000006964572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a1400d18d4fbb42022-01-05 10:04:24.960root 11241100x80000000000000006964573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0998253926355c2022-01-05 10:04:24.960root 11241100x80000000000000006964574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea7406150b0efeb2022-01-05 10:04:24.960root 11241100x80000000000000006964575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4909182513d5044d2022-01-05 10:04:24.960root 11241100x80000000000000006964576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29700e2b0b1f14ac2022-01-05 10:04:25.459root 11241100x80000000000000006964577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a762a3302f887bd2022-01-05 10:04:25.459root 11241100x80000000000000006964578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b915ffc93a1b4dde2022-01-05 10:04:25.460root 11241100x80000000000000006964579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d9cecd60263bf72022-01-05 10:04:25.460root 11241100x80000000000000006964580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8674f11fe55e268c2022-01-05 10:04:25.460root 11241100x80000000000000006964581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b143ede53e01f6372022-01-05 10:04:25.460root 11241100x80000000000000006964582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f1f1a7416670872022-01-05 10:04:25.460root 11241100x80000000000000006964583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02e8c725e4781992022-01-05 10:04:25.960root 11241100x80000000000000006964584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79845845b83b11212022-01-05 10:04:25.960root 11241100x80000000000000006964585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acbf3ca82572b402022-01-05 10:04:25.960root 11241100x80000000000000006964586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2ea467e81cf5bd2022-01-05 10:04:25.960root 11241100x80000000000000006964587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b049f1b158653f922022-01-05 10:04:25.960root 11241100x80000000000000006964588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de97e3c0408d68e2022-01-05 10:04:25.961root 11241100x80000000000000006964589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd30edd83b7461b72022-01-05 10:04:25.961root 11241100x80000000000000006964590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e692b46b92de0a6d2022-01-05 10:04:26.459root 11241100x80000000000000006964591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e5d03745df47d12022-01-05 10:04:26.459root 11241100x80000000000000006964592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc6a87607e1c8192022-01-05 10:04:26.460root 11241100x80000000000000006964593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44269a9cbd6198b32022-01-05 10:04:26.460root 11241100x80000000000000006964594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd58b484b0ae7aa2022-01-05 10:04:26.461root 11241100x80000000000000006964595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a228cdcc7a8ec62022-01-05 10:04:26.461root 11241100x80000000000000006964596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdf5f9af49d62372022-01-05 10:04:26.461root 11241100x80000000000000006964597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d2218b4982ff962022-01-05 10:04:26.959root 11241100x80000000000000006964598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f316d3b7b5ba24df2022-01-05 10:04:26.959root 11241100x80000000000000006964599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847e6c3a5b91923c2022-01-05 10:04:26.960root 11241100x80000000000000006964600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3005855d83aecb972022-01-05 10:04:26.960root 11241100x80000000000000006964601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb60f0b6d7e27562022-01-05 10:04:26.960root 11241100x80000000000000006964602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2038be9ae0a95f2022-01-05 10:04:26.961root 11241100x80000000000000006964603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6a14604278b6f02022-01-05 10:04:26.961root 11241100x80000000000000006964604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a724969f02fae6762022-01-05 10:04:27.459root 11241100x80000000000000006964605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9d97a550ecda6c2022-01-05 10:04:27.459root 11241100x80000000000000006964606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e70925b773aedd02022-01-05 10:04:27.459root 11241100x80000000000000006964607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a931fa7e9cf359a2022-01-05 10:04:27.459root 11241100x80000000000000006964608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90645b5e61501792022-01-05 10:04:27.459root 11241100x80000000000000006964609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9f147af55cfbc32022-01-05 10:04:27.460root 11241100x80000000000000006964610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fdda95977d702c2022-01-05 10:04:27.460root 11241100x80000000000000006964611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b779ec1a301d1072022-01-05 10:04:27.959root 11241100x80000000000000006964612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6c5fe3e0d5b9202022-01-05 10:04:27.959root 11241100x80000000000000006964613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b751136e94b5982022-01-05 10:04:27.960root 11241100x80000000000000006964614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e4160404dd679b2022-01-05 10:04:27.960root 11241100x80000000000000006964615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4a01dbc55e2cb22022-01-05 10:04:27.960root 11241100x80000000000000006964616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212a80e3147115702022-01-05 10:04:27.960root 11241100x80000000000000006964617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c148249bbfbd3e502022-01-05 10:04:27.960root 354300x80000000000000006964618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.106{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41756-false10.0.1.12-8000- 11241100x80000000000000006964619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb1eeb3f9a160dc2022-01-05 10:04:28.459root 11241100x80000000000000006964620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b953800266bff4dd2022-01-05 10:04:28.459root 11241100x80000000000000006964621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6764bcccfd80bc52022-01-05 10:04:28.459root 11241100x80000000000000006964622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdeccaf6fc8b1e42022-01-05 10:04:28.459root 11241100x80000000000000006964623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b701e25622343612022-01-05 10:04:28.459root 11241100x80000000000000006964624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b43d3ab99052622022-01-05 10:04:28.459root 11241100x80000000000000006964625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b0e9dc1b6d5c5f2022-01-05 10:04:28.460root 11241100x80000000000000006964626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66037803a6dda01a2022-01-05 10:04:28.460root 11241100x80000000000000006964627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840518dfeacb971c2022-01-05 10:04:28.959root 11241100x80000000000000006964628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7ef12c99be02672022-01-05 10:04:28.959root 11241100x80000000000000006964629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dd43b9ead43aa02022-01-05 10:04:28.959root 11241100x80000000000000006964630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a182ebafbcd82ec32022-01-05 10:04:28.960root 11241100x80000000000000006964631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faab48ba99d48e92022-01-05 10:04:28.960root 11241100x80000000000000006964632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf6e7b4a08c0aa92022-01-05 10:04:28.960root 11241100x80000000000000006964633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e579fc7bae75dd2022-01-05 10:04:28.960root 11241100x80000000000000006964634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6acc7bb816b7c372022-01-05 10:04:28.960root 11241100x80000000000000006964635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.220{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 10:04:29.220root 11241100x80000000000000006964636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0877ef35f23dec2022-01-05 10:04:29.221root 11241100x80000000000000006964637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8985388391c64a2022-01-05 10:04:29.221root 11241100x80000000000000006964638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc39db7ea3d1126f2022-01-05 10:04:29.221root 11241100x80000000000000006964639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fb1a9796b5037e2022-01-05 10:04:29.221root 11241100x80000000000000006964640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e4b6181837e3462022-01-05 10:04:29.221root 11241100x80000000000000006964641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29020a5d8cad5c42022-01-05 10:04:29.222root 11241100x80000000000000006964642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec290c9d1c2bf4c2022-01-05 10:04:29.222root 11241100x80000000000000006964643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8739b29206e4b12022-01-05 10:04:29.222root 11241100x80000000000000006964644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cd67f9bddac94a2022-01-05 10:04:29.222root 11241100x80000000000000006964645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3912a4970015ca6f2022-01-05 10:04:29.709root 11241100x80000000000000006964646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4d8603f7cc72452022-01-05 10:04:29.709root 11241100x80000000000000006964647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5626841a895b784c2022-01-05 10:04:29.709root 11241100x80000000000000006964648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5b4a6d0204cb892022-01-05 10:04:29.710root 11241100x80000000000000006964649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e74c3dd50703b942022-01-05 10:04:29.710root 11241100x80000000000000006964650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52a887f65b2a46d2022-01-05 10:04:29.710root 11241100x80000000000000006964651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1489d33479488f92022-01-05 10:04:29.710root 11241100x80000000000000006964652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678b01bf94d1fbed2022-01-05 10:04:29.710root 11241100x80000000000000006964653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6456d8dd036384d2022-01-05 10:04:29.710root 11241100x80000000000000006964654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ed009b6ca70ecb2022-01-05 10:04:30.209root 11241100x80000000000000006964655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98cd8d81fc8332f2022-01-05 10:04:30.209root 11241100x80000000000000006964656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f400e1faf8defd2022-01-05 10:04:30.209root 11241100x80000000000000006964657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722f3e4a3f2644482022-01-05 10:04:30.210root 11241100x80000000000000006964658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570f6b469d72991b2022-01-05 10:04:30.210root 11241100x80000000000000006964659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f95bdcce6ca1f5b2022-01-05 10:04:30.210root 11241100x80000000000000006964660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683b16da28c1fd642022-01-05 10:04:30.210root 11241100x80000000000000006964661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebff84a9ae2fc0b2022-01-05 10:04:30.210root 11241100x80000000000000006964662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660789236c078c3d2022-01-05 10:04:30.210root 11241100x80000000000000006964663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c6106ba57da1002022-01-05 10:04:30.709root 11241100x80000000000000006964664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ea6d7d48a73d0f2022-01-05 10:04:30.709root 11241100x80000000000000006964665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c62e632c19365e2022-01-05 10:04:30.709root 11241100x80000000000000006964666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6d9d0de02c04942022-01-05 10:04:30.709root 11241100x80000000000000006964667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8baec1807563a6202022-01-05 10:04:30.710root 11241100x80000000000000006964668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e1e331de2e78512022-01-05 10:04:30.710root 11241100x80000000000000006964669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfa46793e88b0722022-01-05 10:04:30.710root 11241100x80000000000000006964670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9286a159821cb52022-01-05 10:04:30.710root 11241100x80000000000000006964671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7d5bd85e66ab512022-01-05 10:04:30.710root 11241100x80000000000000006964672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3a5af02cd0fac32022-01-05 10:04:31.209root 11241100x80000000000000006964673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30534d0090fb08c2022-01-05 10:04:31.209root 11241100x80000000000000006964674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5abcf6715a773e2022-01-05 10:04:31.209root 11241100x80000000000000006964675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac51b49fc7fc812022-01-05 10:04:31.209root 11241100x80000000000000006964676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b954239df5e533f2022-01-05 10:04:31.209root 11241100x80000000000000006964677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d435960cd358b862022-01-05 10:04:31.210root 11241100x80000000000000006964678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18813458080cf9b42022-01-05 10:04:31.210root 11241100x80000000000000006964679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1ea2bdccaa62052022-01-05 10:04:31.210root 11241100x80000000000000006964680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1e89dfa4c4af5f2022-01-05 10:04:31.210root 11241100x80000000000000006964681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b49ad1dcc13d11c2022-01-05 10:04:31.709root 11241100x80000000000000006964682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953f8369e963b7bb2022-01-05 10:04:31.709root 11241100x80000000000000006964683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b84c938557c28012022-01-05 10:04:31.709root 11241100x80000000000000006964684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e090a977fe649122022-01-05 10:04:31.709root 11241100x80000000000000006964685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df82b52a4dbd4692022-01-05 10:04:31.709root 11241100x80000000000000006964686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5f1d8f439f01b62022-01-05 10:04:31.710root 11241100x80000000000000006964687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41edf01f121db6652022-01-05 10:04:31.710root 11241100x80000000000000006964688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059389a49d0e29b82022-01-05 10:04:31.710root 11241100x80000000000000006964689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82713f021957d1792022-01-05 10:04:31.710root 11241100x80000000000000006964690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0010f18a98f705482022-01-05 10:04:32.209root 11241100x80000000000000006964691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52870a8db38813e52022-01-05 10:04:32.209root 11241100x80000000000000006964692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaf82932b8def0c2022-01-05 10:04:32.209root 11241100x80000000000000006964693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fdb962deef70e82022-01-05 10:04:32.209root 11241100x80000000000000006964694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b192981d737c3a152022-01-05 10:04:32.210root 11241100x80000000000000006964695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b051ccefef0daf852022-01-05 10:04:32.210root 11241100x80000000000000006964696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce3a1d761ef4ba52022-01-05 10:04:32.210root 11241100x80000000000000006964697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bcc8ddcf9204032022-01-05 10:04:32.210root 11241100x80000000000000006964698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057097b7c79c6f402022-01-05 10:04:32.210root 23542300x80000000000000006964699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006964700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78bc71873f9248e2022-01-05 10:04:32.709root 11241100x80000000000000006964701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220616bc4e3ce2332022-01-05 10:04:32.709root 11241100x80000000000000006964702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c1dacb022f120e2022-01-05 10:04:32.709root 11241100x80000000000000006964703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275c8615279e469c2022-01-05 10:04:32.709root 11241100x80000000000000006964704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f63c315cb9c20e2022-01-05 10:04:32.710root 11241100x80000000000000006964705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142939a935fb254f2022-01-05 10:04:32.710root 11241100x80000000000000006964706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76085afc03f1c742022-01-05 10:04:32.710root 11241100x80000000000000006964707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4054cfbfaeca922022-01-05 10:04:32.710root 11241100x80000000000000006964708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea3b71292a329c52022-01-05 10:04:32.710root 11241100x80000000000000006964709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8396da9435e7ea32022-01-05 10:04:32.710root 11241100x80000000000000006964710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049c7fafb3798bf42022-01-05 10:04:33.209root 11241100x80000000000000006964711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d8ebcc0e122f2d2022-01-05 10:04:33.209root 11241100x80000000000000006964712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d733120525c41ff32022-01-05 10:04:33.209root 11241100x80000000000000006964713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f023b26447b81022022-01-05 10:04:33.209root 11241100x80000000000000006964714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315b2f4cbd6acf0c2022-01-05 10:04:33.210root 11241100x80000000000000006964715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80ced3a98589ada2022-01-05 10:04:33.210root 11241100x80000000000000006964716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb1ecfa409d21a42022-01-05 10:04:33.210root 11241100x80000000000000006964717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cbc9cc5a433df62022-01-05 10:04:33.210root 11241100x80000000000000006964718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23120e4c02deb7422022-01-05 10:04:33.210root 11241100x80000000000000006964719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b744fd8c8892fd852022-01-05 10:04:33.210root 11241100x80000000000000006964720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb6d6faba3be9c82022-01-05 10:04:33.709root 11241100x80000000000000006964721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a52e51fc00034d2022-01-05 10:04:33.709root 11241100x80000000000000006964722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23b34116ab6dd2b2022-01-05 10:04:33.709root 11241100x80000000000000006964723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe196f044c7a5d92022-01-05 10:04:33.709root 11241100x80000000000000006964724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e1f6d72cf908312022-01-05 10:04:33.710root 11241100x80000000000000006964725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9458d2423a08602022-01-05 10:04:33.710root 11241100x80000000000000006964726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8975355c5f7dcf52022-01-05 10:04:33.710root 11241100x80000000000000006964727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da90732ba53b02492022-01-05 10:04:33.710root 11241100x80000000000000006964728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e6cc83b23e85ed2022-01-05 10:04:33.710root 11241100x80000000000000006964729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddcc3526895c0df2022-01-05 10:04:33.710root 354300x80000000000000006964730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:33.739{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42238-false10.0.1.12-8089- 354300x80000000000000006964731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.053{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41760-false10.0.1.12-8000- 11241100x80000000000000006964732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f8e66ca2604c5d2022-01-05 10:04:34.054root 11241100x80000000000000006964733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28dde45990f19882022-01-05 10:04:34.054root 11241100x80000000000000006964734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb0f08812f18d6b2022-01-05 10:04:34.054root 11241100x80000000000000006964735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e05441c26af50c2022-01-05 10:04:34.054root 11241100x80000000000000006964736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30e461a78fa96c22022-01-05 10:04:34.054root 11241100x80000000000000006964737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963c160e85ae2cf22022-01-05 10:04:34.054root 11241100x80000000000000006964738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb5dbbfb509c1222022-01-05 10:04:34.054root 11241100x80000000000000006964739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640c1db33e444d462022-01-05 10:04:34.055root 11241100x80000000000000006964740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8fed991f4445c82022-01-05 10:04:34.055root 11241100x80000000000000006964741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cff13d4eb8ba142022-01-05 10:04:34.055root 11241100x80000000000000006964742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35c2487f74567162022-01-05 10:04:34.055root 11241100x80000000000000006964743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77383dda08e9552e2022-01-05 10:04:34.055root 11241100x80000000000000006964744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62845afc560ee022022-01-05 10:04:34.459root 11241100x80000000000000006964745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ef3ab24c5472922022-01-05 10:04:34.459root 11241100x80000000000000006964746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c472e7a8c771ec2022-01-05 10:04:34.459root 11241100x80000000000000006964747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77acae3422474312022-01-05 10:04:34.460root 11241100x80000000000000006964748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78d71ec92d49d202022-01-05 10:04:34.460root 11241100x80000000000000006964749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0898cfd2a4eda41d2022-01-05 10:04:34.460root 11241100x80000000000000006964750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a925e38419c67ebb2022-01-05 10:04:34.460root 11241100x80000000000000006964751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a0db932997349d2022-01-05 10:04:34.460root 11241100x80000000000000006964752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d2cee97e23953e2022-01-05 10:04:34.460root 11241100x80000000000000006964753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f144f6442cca1a2022-01-05 10:04:34.460root 11241100x80000000000000006964754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673c275e0d0422782022-01-05 10:04:34.460root 11241100x80000000000000006964755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91742d5f723b7ec12022-01-05 10:04:34.460root 11241100x80000000000000006964756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c30c51b7cd93e362022-01-05 10:04:34.959root 11241100x80000000000000006964757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a829c0cd9ced4092022-01-05 10:04:34.959root 11241100x80000000000000006964758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59796daa281d4ced2022-01-05 10:04:34.960root 11241100x80000000000000006964759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bd21f16e9b2b712022-01-05 10:04:34.960root 11241100x80000000000000006964760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f9903a7d1288302022-01-05 10:04:34.960root 11241100x80000000000000006964761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e908db1efe5aeb2022-01-05 10:04:34.960root 11241100x80000000000000006964762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f12f497020668a62022-01-05 10:04:34.960root 11241100x80000000000000006964763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951cf86fd6ee5d7f2022-01-05 10:04:34.960root 11241100x80000000000000006964764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa26c377f21b66c02022-01-05 10:04:34.960root 11241100x80000000000000006964765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09002780f587fa072022-01-05 10:04:34.960root 11241100x80000000000000006964766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b03b34cf0b0a942022-01-05 10:04:34.960root 11241100x80000000000000006964767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b4dd3eaec2b50d2022-01-05 10:04:34.961root 11241100x80000000000000006964768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94ea733252163bc2022-01-05 10:04:35.459root 11241100x80000000000000006964769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee1701442a39b9f2022-01-05 10:04:35.460root 11241100x80000000000000006964770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef17bc9101a6cd92022-01-05 10:04:35.460root 11241100x80000000000000006964771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86cb71b12f624172022-01-05 10:04:35.460root 11241100x80000000000000006964772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a6026aeeda8ba92022-01-05 10:04:35.460root 11241100x80000000000000006964773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9783a9580500eae52022-01-05 10:04:35.460root 11241100x80000000000000006964774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d911b8f3f5106e2022-01-05 10:04:35.460root 11241100x80000000000000006964775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e8cf587e4379902022-01-05 10:04:35.460root 11241100x80000000000000006964776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41358709bd42b9672022-01-05 10:04:35.460root 11241100x80000000000000006964777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de4e17dd42380d72022-01-05 10:04:35.460root 11241100x80000000000000006964778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f45c351135c8e42022-01-05 10:04:35.460root 11241100x80000000000000006964779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20c72c70b41afd52022-01-05 10:04:35.460root 11241100x80000000000000006964780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b54e8d1c744e4532022-01-05 10:04:35.959root 11241100x80000000000000006964781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7611f8604e28712022-01-05 10:04:35.959root 11241100x80000000000000006964782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7692a77b202331902022-01-05 10:04:35.960root 11241100x80000000000000006964783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e558e396c2f4e432022-01-05 10:04:35.960root 11241100x80000000000000006964784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4fc91e7d0765c02022-01-05 10:04:35.960root 11241100x80000000000000006964785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a984a6160ca13e682022-01-05 10:04:35.960root 11241100x80000000000000006964786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e1f4476e278e5b2022-01-05 10:04:35.960root 11241100x80000000000000006964787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3261c048299e7d272022-01-05 10:04:35.960root 11241100x80000000000000006964788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791e5ba89f773f332022-01-05 10:04:35.960root 11241100x80000000000000006964789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673470911ee550e92022-01-05 10:04:35.961root 11241100x80000000000000006964790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79bed1dbe3843202022-01-05 10:04:35.961root 11241100x80000000000000006964791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e553221ece325132022-01-05 10:04:35.961root 11241100x80000000000000006964792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d370c38875a17e6b2022-01-05 10:04:36.459root 11241100x80000000000000006964793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28aca0d1b865d112022-01-05 10:04:36.459root 11241100x80000000000000006964794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb82840edeba46cb2022-01-05 10:04:36.460root 11241100x80000000000000006964795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4dfa1ac8f4e8712022-01-05 10:04:36.460root 11241100x80000000000000006964796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93599bf370714882022-01-05 10:04:36.460root 11241100x80000000000000006964797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d26feb46d63c5c12022-01-05 10:04:36.460root 11241100x80000000000000006964798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0f2f5f2bf836fb2022-01-05 10:04:36.460root 11241100x80000000000000006964799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8060241e3bb8d22022-01-05 10:04:36.460root 11241100x80000000000000006964800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbb759a0c954e502022-01-05 10:04:36.460root 11241100x80000000000000006964801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd823da5b3241dd62022-01-05 10:04:36.460root 11241100x80000000000000006964802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3688ddfe1f66af432022-01-05 10:04:36.461root 11241100x80000000000000006964803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bce5a97f38878b2022-01-05 10:04:36.461root 11241100x80000000000000006964804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08c837f29575dc32022-01-05 10:04:36.959root 11241100x80000000000000006964805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f495444dcb154c2022-01-05 10:04:36.959root 11241100x80000000000000006964806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda3d658ff5da4982022-01-05 10:04:36.960root 11241100x80000000000000006964807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba5dbbc7efc2e192022-01-05 10:04:36.960root 11241100x80000000000000006964808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9f188ee03ba88f2022-01-05 10:04:36.960root 11241100x80000000000000006964809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5061644ed1f7372022-01-05 10:04:36.960root 11241100x80000000000000006964810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b622821563f82f62022-01-05 10:04:36.960root 11241100x80000000000000006964811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c96f5648ec96252022-01-05 10:04:36.960root 11241100x80000000000000006964812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a6d9fd9cb9d1222022-01-05 10:04:36.960root 11241100x80000000000000006964813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4e644237e3018d2022-01-05 10:04:36.960root 11241100x80000000000000006964814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81658bbf7a05e9f62022-01-05 10:04:36.960root 11241100x80000000000000006964815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d3f2ddf0ed4ffd2022-01-05 10:04:36.960root 11241100x80000000000000006964816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc09ad5466b346ac2022-01-05 10:04:37.459root 11241100x80000000000000006964817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b1bd1b8de979e32022-01-05 10:04:37.460root 11241100x80000000000000006964818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e31435e7c6e308a2022-01-05 10:04:37.460root 11241100x80000000000000006964819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f3f078a9dd4c6b2022-01-05 10:04:37.460root 11241100x80000000000000006964820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f38cd0b54797f02022-01-05 10:04:37.460root 11241100x80000000000000006964821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca9a322f84cd8c32022-01-05 10:04:37.460root 11241100x80000000000000006964822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822c97aebcd402282022-01-05 10:04:37.460root 11241100x80000000000000006964823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c66d8d240278042022-01-05 10:04:37.460root 11241100x80000000000000006964824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b2988add6dcce52022-01-05 10:04:37.460root 11241100x80000000000000006964825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d85395bc28144f2022-01-05 10:04:37.460root 11241100x80000000000000006964826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7f77de71b686922022-01-05 10:04:37.460root 11241100x80000000000000006964827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8de6319e95eb602022-01-05 10:04:37.460root 11241100x80000000000000006964828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dcbae8ff89fefe2022-01-05 10:04:37.959root 11241100x80000000000000006964829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a713c3cde3ac452022-01-05 10:04:37.959root 11241100x80000000000000006964830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df2e5ace0602ab12022-01-05 10:04:37.960root 11241100x80000000000000006964831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77da0580df35a3432022-01-05 10:04:37.960root 11241100x80000000000000006964832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63855ff16b63caf12022-01-05 10:04:37.960root 11241100x80000000000000006964833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ded7c751782b8842022-01-05 10:04:37.960root 11241100x80000000000000006964834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf3e89fbf3e34992022-01-05 10:04:37.960root 11241100x80000000000000006964835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e534b0bbd4d9ff2022-01-05 10:04:37.960root 11241100x80000000000000006964836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ea5d07a9c668fb2022-01-05 10:04:37.960root 11241100x80000000000000006964837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b9278d27e8667f2022-01-05 10:04:37.960root 11241100x80000000000000006964838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b87a52302397d92022-01-05 10:04:37.960root 11241100x80000000000000006964839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f83030c635e7542022-01-05 10:04:37.960root 11241100x80000000000000006964840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0f91aa68a17e132022-01-05 10:04:38.459root 11241100x80000000000000006964841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e118a07a8a7ca2732022-01-05 10:04:38.459root 11241100x80000000000000006964842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf5c3e88e4201c62022-01-05 10:04:38.460root 11241100x80000000000000006964843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a1d1434f015d492022-01-05 10:04:38.460root 11241100x80000000000000006964844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2629e5dfcd8ae802022-01-05 10:04:38.460root 11241100x80000000000000006964845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e840ada1f205d492022-01-05 10:04:38.460root 11241100x80000000000000006964846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79767d2c675f98f52022-01-05 10:04:38.460root 11241100x80000000000000006964847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8577c07b8390a6a2022-01-05 10:04:38.460root 11241100x80000000000000006964848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eca4eacd16061e2022-01-05 10:04:38.460root 11241100x80000000000000006964849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0385147d912fb3792022-01-05 10:04:38.460root 11241100x80000000000000006964850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7434b3ef6f944c82022-01-05 10:04:38.460root 11241100x80000000000000006964851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7913ad4b0fdcfd2022-01-05 10:04:38.461root 11241100x80000000000000006964852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19a975793f5f9e92022-01-05 10:04:38.959root 11241100x80000000000000006964853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594c9eb4eedff8952022-01-05 10:04:38.959root 11241100x80000000000000006964854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0c366de8665bb02022-01-05 10:04:38.959root 11241100x80000000000000006964855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761647a9c6a79b6f2022-01-05 10:04:38.960root 11241100x80000000000000006964856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd524759411898b02022-01-05 10:04:38.960root 11241100x80000000000000006964857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65895297b65eda7c2022-01-05 10:04:38.960root 11241100x80000000000000006964858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ba578b8b5333cf2022-01-05 10:04:38.960root 11241100x80000000000000006964859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c70ee386e0dec32022-01-05 10:04:38.960root 11241100x80000000000000006964860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a268c991eb24c22022-01-05 10:04:38.960root 11241100x80000000000000006964861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a249cfd4c2016a82022-01-05 10:04:38.960root 11241100x80000000000000006964862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc959c4668278832022-01-05 10:04:38.960root 11241100x80000000000000006964863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e025a0bc416bb8152022-01-05 10:04:38.960root 354300x80000000000000006964864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.225{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41762-false10.0.1.12-8000- 11241100x80000000000000006964865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e0d24fc908bcb92022-01-05 10:04:39.226root 11241100x80000000000000006964866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce9f403b372803c2022-01-05 10:04:39.226root 11241100x80000000000000006964867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed9a8458ecca1a32022-01-05 10:04:39.226root 11241100x80000000000000006964868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b9ee168c5f65b42022-01-05 10:04:39.226root 11241100x80000000000000006964869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7565e32a5c1ff72022-01-05 10:04:39.226root 11241100x80000000000000006964870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5afa5e9a5192cf42022-01-05 10:04:39.226root 11241100x80000000000000006964871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc1b96bbfc64c892022-01-05 10:04:39.226root 11241100x80000000000000006964872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de1c4beb09428f82022-01-05 10:04:39.227root 11241100x80000000000000006964873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34afe66bc6372a112022-01-05 10:04:39.227root 11241100x80000000000000006964874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2308c8c01d0014c2022-01-05 10:04:39.227root 11241100x80000000000000006964875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c952955ae06db62022-01-05 10:04:39.227root 11241100x80000000000000006964876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04a345c28328f032022-01-05 10:04:39.227root 11241100x80000000000000006964877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6128dc3c89773bef2022-01-05 10:04:39.227root 11241100x80000000000000006964878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d1b794605f2bb82022-01-05 10:04:39.709root 11241100x80000000000000006964879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f21aa8cc20b508b2022-01-05 10:04:39.709root 11241100x80000000000000006964880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abf56d38f1b72b92022-01-05 10:04:39.710root 11241100x80000000000000006964881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c55dffd9f1ca5f32022-01-05 10:04:39.710root 11241100x80000000000000006964882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1218bfd71056f17b2022-01-05 10:04:39.710root 11241100x80000000000000006964883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b65aeea57116262022-01-05 10:04:39.710root 11241100x80000000000000006964884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43161e3c8f69a0c22022-01-05 10:04:39.710root 11241100x80000000000000006964885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59a7ff4e9a63d492022-01-05 10:04:39.710root 11241100x80000000000000006964886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea18541c809dcef2022-01-05 10:04:39.710root 11241100x80000000000000006964887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fa05ad1b598be62022-01-05 10:04:39.710root 11241100x80000000000000006964888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2cab957c67e1792022-01-05 10:04:39.710root 11241100x80000000000000006964889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ef7b9da63c75a82022-01-05 10:04:39.710root 11241100x80000000000000006964890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f71b1ddb5e12e102022-01-05 10:04:39.710root 11241100x80000000000000006964891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8ed77804ce67ad2022-01-05 10:04:40.209root 11241100x80000000000000006964892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea112d2f9e5234d2022-01-05 10:04:40.209root 11241100x80000000000000006964893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f289d40ff464e5a52022-01-05 10:04:40.210root 11241100x80000000000000006964894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4360186712d12c7e2022-01-05 10:04:40.210root 11241100x80000000000000006964895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af9eb73570013aa2022-01-05 10:04:40.210root 11241100x80000000000000006964896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c806c9fdaa873282022-01-05 10:04:40.210root 11241100x80000000000000006964897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf6dd5d4ee20d1d2022-01-05 10:04:40.210root 11241100x80000000000000006964898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a8bc76577b15812022-01-05 10:04:40.210root 11241100x80000000000000006964899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d303412cc99f6802022-01-05 10:04:40.210root 11241100x80000000000000006964900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98abfb5fa99d74832022-01-05 10:04:40.210root 11241100x80000000000000006964901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce664caa0277f442022-01-05 10:04:40.210root 11241100x80000000000000006964902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8c09696de7ca692022-01-05 10:04:40.210root 11241100x80000000000000006964903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfb29d2cae8226a2022-01-05 10:04:40.211root 11241100x80000000000000006964904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6e15b75c5160b32022-01-05 10:04:40.709root 11241100x80000000000000006964905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d352ef8a122d752022-01-05 10:04:40.710root 11241100x80000000000000006964906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0761916f04997ac2022-01-05 10:04:40.710root 11241100x80000000000000006964907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b233b7a570e04e42022-01-05 10:04:40.710root 11241100x80000000000000006964908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22c285fdd51814b2022-01-05 10:04:40.710root 11241100x80000000000000006964909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be20cea8fc4b2db2022-01-05 10:04:40.710root 11241100x80000000000000006964910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc000628c9abe052022-01-05 10:04:40.710root 11241100x80000000000000006964911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ccff56cbe8b03b2022-01-05 10:04:40.710root 11241100x80000000000000006964912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14521ed62ca6cd92022-01-05 10:04:40.710root 11241100x80000000000000006964913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af8716536b831d92022-01-05 10:04:40.710root 11241100x80000000000000006964914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37821b3fd27f02eb2022-01-05 10:04:40.711root 11241100x80000000000000006964915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92c8348077b7a802022-01-05 10:04:40.711root 11241100x80000000000000006964916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d567e6dd511f55d2022-01-05 10:04:40.711root 11241100x80000000000000006964917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678d8fcdd02636e22022-01-05 10:04:41.209root 11241100x80000000000000006964918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee93e6dc4258d372022-01-05 10:04:41.209root 11241100x80000000000000006964919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a00a192a649e6362022-01-05 10:04:41.210root 11241100x80000000000000006964920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec335ed3466210b2022-01-05 10:04:41.210root 11241100x80000000000000006964921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1224f7e58684b8732022-01-05 10:04:41.210root 11241100x80000000000000006964922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71b4520013d8da82022-01-05 10:04:41.210root 11241100x80000000000000006964923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32490be9e355079d2022-01-05 10:04:41.210root 11241100x80000000000000006964924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3413d44d1ec179572022-01-05 10:04:41.210root 11241100x80000000000000006964925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be58a68423e1f3132022-01-05 10:04:41.210root 11241100x80000000000000006964926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9536a243e53a832022-01-05 10:04:41.210root 11241100x80000000000000006964927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5def4826f8999f072022-01-05 10:04:41.210root 11241100x80000000000000006964928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b347a79ff64c87652022-01-05 10:04:41.210root 11241100x80000000000000006964929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fab64d2e8d618f2022-01-05 10:04:41.210root 11241100x80000000000000006964930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500db783fdec9fed2022-01-05 10:04:41.709root 11241100x80000000000000006964931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03619b469f4179ef2022-01-05 10:04:41.710root 11241100x80000000000000006964932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1e9a5bcba397092022-01-05 10:04:41.710root 11241100x80000000000000006964933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7583ec5a1540c22022-01-05 10:04:41.710root 11241100x80000000000000006964934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d223ce928509f7c2022-01-05 10:04:41.710root 11241100x80000000000000006964935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0564d269e57643c42022-01-05 10:04:41.710root 11241100x80000000000000006964936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58fa37ba88406372022-01-05 10:04:41.710root 11241100x80000000000000006964937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c05175c0208d532022-01-05 10:04:41.710root 11241100x80000000000000006964938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41dd360313bc9c42022-01-05 10:04:41.710root 11241100x80000000000000006964939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac559080c69ada6f2022-01-05 10:04:41.710root 11241100x80000000000000006964940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f10922716a9cbb2022-01-05 10:04:41.710root 11241100x80000000000000006964941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11486270ac68e322022-01-05 10:04:41.710root 11241100x80000000000000006964942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fb4f9a4291abbc2022-01-05 10:04:41.710root 11241100x80000000000000006964943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bb1c88559706af2022-01-05 10:04:42.209root 11241100x80000000000000006964944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb729ca028a30e42022-01-05 10:04:42.210root 11241100x80000000000000006964945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7b0c09bbb805992022-01-05 10:04:42.210root 11241100x80000000000000006964946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19431994fb816ca72022-01-05 10:04:42.210root 11241100x80000000000000006964947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac9f9c8206835e72022-01-05 10:04:42.210root 11241100x80000000000000006964948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95eafb57c373f412022-01-05 10:04:42.210root 11241100x80000000000000006964949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bac52edf4a7f6012022-01-05 10:04:42.210root 11241100x80000000000000006964950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5559c2c7e94771052022-01-05 10:04:42.210root 11241100x80000000000000006964951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b7b5473a642afd2022-01-05 10:04:42.210root 11241100x80000000000000006964952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16260be22ba085f92022-01-05 10:04:42.210root 11241100x80000000000000006964953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64138d87897774c2022-01-05 10:04:42.210root 11241100x80000000000000006964954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dead4038d653d9ee2022-01-05 10:04:42.210root 11241100x80000000000000006964955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42454879ef1267202022-01-05 10:04:42.210root 11241100x80000000000000006964956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8f1859354d4b972022-01-05 10:04:42.709root 11241100x80000000000000006964957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d85ad15b1b10352022-01-05 10:04:42.710root 11241100x80000000000000006964958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dad280f084b1e522022-01-05 10:04:42.710root 11241100x80000000000000006964959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96def227bd9843f72022-01-05 10:04:42.710root 11241100x80000000000000006964960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fd212c3c4a3fa62022-01-05 10:04:42.710root 11241100x80000000000000006964961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9f9e5a87d441362022-01-05 10:04:42.710root 11241100x80000000000000006964962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293835675f4116212022-01-05 10:04:42.710root 11241100x80000000000000006964963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df9805e4e986ff22022-01-05 10:04:42.710root 11241100x80000000000000006964964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36212a090bf038bf2022-01-05 10:04:42.710root 11241100x80000000000000006964965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7946c313419fd3c2022-01-05 10:04:42.710root 11241100x80000000000000006964966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a101e3b779ee7d9e2022-01-05 10:04:42.710root 11241100x80000000000000006964967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4cc1065a2e8fda2022-01-05 10:04:42.710root 11241100x80000000000000006964968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a537ddb03de59f202022-01-05 10:04:42.710root 11241100x80000000000000006964969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788d4810106cb5fc2022-01-05 10:04:43.209root 11241100x80000000000000006964970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae62cd6ba0b88932022-01-05 10:04:43.209root 11241100x80000000000000006964971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bae3a377511c4752022-01-05 10:04:43.210root 11241100x80000000000000006964972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ed0e984c658b492022-01-05 10:04:43.210root 11241100x80000000000000006964973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673965dd282062342022-01-05 10:04:43.210root 11241100x80000000000000006964974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36a2ff10ad369ae2022-01-05 10:04:43.210root 11241100x80000000000000006964975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39351d424eadaf82022-01-05 10:04:43.210root 11241100x80000000000000006964976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312860fc9bc5084b2022-01-05 10:04:43.210root 11241100x80000000000000006964977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63eca2200e2414c32022-01-05 10:04:43.210root 11241100x80000000000000006964978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7340f416a5bd112c2022-01-05 10:04:43.210root 11241100x80000000000000006964979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dc9f5f971114762022-01-05 10:04:43.210root 11241100x80000000000000006964980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b083b3563906078d2022-01-05 10:04:43.210root 11241100x80000000000000006964981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc38c75a75a45772022-01-05 10:04:43.210root 11241100x80000000000000006964982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931cb76dc8f76e8e2022-01-05 10:04:43.709root 11241100x80000000000000006964983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e2d6f37357fedf2022-01-05 10:04:43.709root 11241100x80000000000000006964984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec391fd34a0a7d92022-01-05 10:04:43.710root 11241100x80000000000000006964985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a7ca9368c0d04a2022-01-05 10:04:43.710root 11241100x80000000000000006964986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3384c0747084d00e2022-01-05 10:04:43.710root 11241100x80000000000000006964987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af377f3125e0bc8b2022-01-05 10:04:43.710root 11241100x80000000000000006964988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251ef74e2f9aba042022-01-05 10:04:43.710root 11241100x80000000000000006964989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63a8456a9efcb922022-01-05 10:04:43.710root 11241100x80000000000000006964990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dee77f1bbec8c82022-01-05 10:04:43.710root 11241100x80000000000000006964991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc10461daf5be6b2022-01-05 10:04:43.710root 11241100x80000000000000006964992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bc5f701f2b648b2022-01-05 10:04:43.710root 11241100x80000000000000006964993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d69cdb280d9c67a2022-01-05 10:04:43.710root 11241100x80000000000000006964994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92d6280c5464b2e2022-01-05 10:04:43.710root 11241100x80000000000000006964995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608fa57f597a4f652022-01-05 10:04:44.209root 11241100x80000000000000006964996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a30257e610b19b2022-01-05 10:04:44.209root 11241100x80000000000000006964997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051dd0677eb451482022-01-05 10:04:44.210root 11241100x80000000000000006964998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b425e27b0675ef2022-01-05 10:04:44.210root 11241100x80000000000000006964999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46808f4518312a72022-01-05 10:04:44.210root 11241100x80000000000000006965000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0abd10c171792822022-01-05 10:04:44.210root 11241100x80000000000000006965001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7381ef6648dec4042022-01-05 10:04:44.210root 11241100x80000000000000006965002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03d825d6da551612022-01-05 10:04:44.210root 11241100x80000000000000006965003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f840875e0604552022-01-05 10:04:44.210root 11241100x80000000000000006965004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5719bed472bc7d572022-01-05 10:04:44.210root 11241100x80000000000000006965005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa925dc1c7a0bebc2022-01-05 10:04:44.210root 11241100x80000000000000006965006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5578caa0773ce2e72022-01-05 10:04:44.210root 11241100x80000000000000006965007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cbbd4afaa02d7d2022-01-05 10:04:44.210root 354300x80000000000000006965008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.252{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41764-false10.0.1.12-8000- 11241100x80000000000000006965009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e771da54cde2e1be2022-01-05 10:04:44.709root 11241100x80000000000000006965010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc10f07f1084eb32022-01-05 10:04:44.710root 11241100x80000000000000006965011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fbd7b202dceb452022-01-05 10:04:44.710root 11241100x80000000000000006965012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11208be759187a552022-01-05 10:04:44.710root 11241100x80000000000000006965013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6686b7da8a9e7ec82022-01-05 10:04:44.710root 11241100x80000000000000006965014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2a973e3548df492022-01-05 10:04:44.710root 11241100x80000000000000006965015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d71fe0c553d6ed2022-01-05 10:04:44.710root 11241100x80000000000000006965016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d735071c4060052022-01-05 10:04:44.710root 11241100x80000000000000006965017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c1e5523b4ce5d82022-01-05 10:04:44.710root 11241100x80000000000000006965018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ef4556337805012022-01-05 10:04:44.710root 11241100x80000000000000006965019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3a3c273d2d04a82022-01-05 10:04:44.710root 11241100x80000000000000006965020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b50df0726d09d82022-01-05 10:04:44.710root 11241100x80000000000000006965021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138537d5ce1b34d12022-01-05 10:04:44.710root 11241100x80000000000000006965022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee40c9d8556d85732022-01-05 10:04:44.710root 11241100x80000000000000006965023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6db05f1eb4fbb522022-01-05 10:04:45.209root 11241100x80000000000000006965024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ea01c37f5f7a682022-01-05 10:04:45.210root 11241100x80000000000000006965025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9970aaf37c2ffd2022-01-05 10:04:45.210root 11241100x80000000000000006965026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c81bacc96616672022-01-05 10:04:45.210root 11241100x80000000000000006965027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130c59f15bd3781d2022-01-05 10:04:45.210root 11241100x80000000000000006965028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a99a58414037992022-01-05 10:04:45.210root 11241100x80000000000000006965029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464ee706a37398cd2022-01-05 10:04:45.210root 11241100x80000000000000006965030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bc771d1246fb872022-01-05 10:04:45.210root 11241100x80000000000000006965031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f203428b5ee1b4a72022-01-05 10:04:45.211root 11241100x80000000000000006965032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affbcacd4a8ecbc52022-01-05 10:04:45.211root 11241100x80000000000000006965033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072fa026f39af5ce2022-01-05 10:04:45.211root 11241100x80000000000000006965034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2c23dfee2fbbd92022-01-05 10:04:45.211root 11241100x80000000000000006965035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b344442d7ce4c12022-01-05 10:04:45.211root 11241100x80000000000000006965036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37be388ad9df52a02022-01-05 10:04:45.211root 11241100x80000000000000006965037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2086eeaf5a7f0e52022-01-05 10:04:45.709root 11241100x80000000000000006965038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fe37e80ecd1bb42022-01-05 10:04:45.710root 11241100x80000000000000006965039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489808d9975937782022-01-05 10:04:45.710root 11241100x80000000000000006965040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c947c465caccaa2022-01-05 10:04:45.710root 11241100x80000000000000006965041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee9ff56160f54142022-01-05 10:04:45.710root 11241100x80000000000000006965042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437ab35ca4b216412022-01-05 10:04:45.710root 11241100x80000000000000006965043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5a8f50efc1bf2c2022-01-05 10:04:45.710root 11241100x80000000000000006965044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4314415cdf255982022-01-05 10:04:45.710root 11241100x80000000000000006965045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44467eab1da965a12022-01-05 10:04:45.710root 11241100x80000000000000006965046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87040d0028716ef12022-01-05 10:04:45.710root 11241100x80000000000000006965047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c5df5bc69cc8922022-01-05 10:04:45.710root 11241100x80000000000000006965048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ee48321237a48c2022-01-05 10:04:45.711root 11241100x80000000000000006965049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34069da51b1efa62022-01-05 10:04:45.711root 11241100x80000000000000006965050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350eb04cd082d3f72022-01-05 10:04:45.711root 11241100x80000000000000006965051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfec9724c4a85c672022-01-05 10:04:46.210root 11241100x80000000000000006965052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14672192c3983ba2022-01-05 10:04:46.210root 11241100x80000000000000006965053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1332be77a8daf02022-01-05 10:04:46.210root 11241100x80000000000000006965054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28e1cf00e69829c2022-01-05 10:04:46.210root 11241100x80000000000000006965055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3b0a1470d81ecd2022-01-05 10:04:46.210root 11241100x80000000000000006965056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1da777e202c03fb2022-01-05 10:04:46.210root 11241100x80000000000000006965057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9146af183920452022-01-05 10:04:46.210root 11241100x80000000000000006965058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440067a1253b78a42022-01-05 10:04:46.210root 11241100x80000000000000006965059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddf6fde2bc266b22022-01-05 10:04:46.210root 11241100x80000000000000006965060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ade6a70304c7c22022-01-05 10:04:46.210root 11241100x80000000000000006965061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ab7830060f0b002022-01-05 10:04:46.210root 11241100x80000000000000006965062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc376dae376e83b12022-01-05 10:04:46.210root 11241100x80000000000000006965063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b1ce64dc97b8682022-01-05 10:04:46.210root 11241100x80000000000000006965064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382b50e38de010e62022-01-05 10:04:46.210root 11241100x80000000000000006965065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a9b93f88d91f7f2022-01-05 10:04:46.710root 11241100x80000000000000006965066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8c59fa8793732c2022-01-05 10:04:46.710root 11241100x80000000000000006965067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bac35406d2816f2022-01-05 10:04:46.710root 11241100x80000000000000006965068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d88235f17c77432022-01-05 10:04:46.710root 11241100x80000000000000006965069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fbfadcb853e1202022-01-05 10:04:46.710root 11241100x80000000000000006965070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538741a5d3264f042022-01-05 10:04:46.710root 11241100x80000000000000006965071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d84d9ba8f8a63d72022-01-05 10:04:46.710root 11241100x80000000000000006965072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43428784527f56f72022-01-05 10:04:46.710root 11241100x80000000000000006965073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f00fe43914f59742022-01-05 10:04:46.710root 11241100x80000000000000006965074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fbe0930eb8ae122022-01-05 10:04:46.710root 11241100x80000000000000006965075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eddfad1a17993532022-01-05 10:04:46.710root 11241100x80000000000000006965076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5384a112b5a60fb42022-01-05 10:04:46.710root 11241100x80000000000000006965077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6baf3a868a75b47d2022-01-05 10:04:46.711root 11241100x80000000000000006965078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9b4d18ee5ebd882022-01-05 10:04:46.711root 11241100x80000000000000006965079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c9050c0ff6380b2022-01-05 10:04:47.209root 11241100x80000000000000006965080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620a0a50312a1ff22022-01-05 10:04:47.209root 11241100x80000000000000006965081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ac7fe27737304a2022-01-05 10:04:47.210root 11241100x80000000000000006965082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf3b989b5fcaba32022-01-05 10:04:47.210root 11241100x80000000000000006965083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb2bd3cb54b0c5f2022-01-05 10:04:47.210root 11241100x80000000000000006965084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4354bcae57470e5a2022-01-05 10:04:47.210root 11241100x80000000000000006965085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e901c2f22159b02022-01-05 10:04:47.210root 11241100x80000000000000006965086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa912362f3cbff022022-01-05 10:04:47.210root 11241100x80000000000000006965087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628afd68d7b998c02022-01-05 10:04:47.210root 11241100x80000000000000006965088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d43c0bd9e8dec9a2022-01-05 10:04:47.210root 11241100x80000000000000006965089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84236605814818972022-01-05 10:04:47.210root 11241100x80000000000000006965090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2b728171ded28e2022-01-05 10:04:47.210root 11241100x80000000000000006965091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc844fc17624e1152022-01-05 10:04:47.210root 11241100x80000000000000006965092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9320c4b65673ca122022-01-05 10:04:47.210root 11241100x80000000000000006965093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407607ec2e463a2f2022-01-05 10:04:47.709root 11241100x80000000000000006965094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0529cbd563b72e592022-01-05 10:04:47.710root 11241100x80000000000000006965095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe73ef913b0d4b6c2022-01-05 10:04:47.710root 11241100x80000000000000006965096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055c8df15350fd812022-01-05 10:04:47.710root 11241100x80000000000000006965097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04508b230c2623e2022-01-05 10:04:47.710root 11241100x80000000000000006965098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc772ac15f24218b2022-01-05 10:04:47.710root 11241100x80000000000000006965099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c6a7de56cc389e2022-01-05 10:04:47.710root 11241100x80000000000000006965100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db831f35aa44e912022-01-05 10:04:47.710root 11241100x80000000000000006965101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad68261ccd2f62292022-01-05 10:04:47.710root 11241100x80000000000000006965102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f587c5f98c6ba482022-01-05 10:04:47.710root 11241100x80000000000000006965103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce724537156886cf2022-01-05 10:04:47.710root 11241100x80000000000000006965104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd478f6b139781ae2022-01-05 10:04:47.710root 11241100x80000000000000006965105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb08aa1d8372d7a2022-01-05 10:04:47.710root 11241100x80000000000000006965106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7071f8ea8327d42022-01-05 10:04:47.710root 11241100x80000000000000006965107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce75ec07ef7a18f2022-01-05 10:04:48.209root 11241100x80000000000000006965108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fdffa4e39e69522022-01-05 10:04:48.210root 11241100x80000000000000006965109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee3298992d4f6232022-01-05 10:04:48.210root 11241100x80000000000000006965110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd18ca06dd314482022-01-05 10:04:48.210root 11241100x80000000000000006965111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fc28787876d3b52022-01-05 10:04:48.210root 11241100x80000000000000006965112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef0e4f2e9135ed42022-01-05 10:04:48.210root 11241100x80000000000000006965113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4382f4f7bf7ca1632022-01-05 10:04:48.210root 11241100x80000000000000006965114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3601004eb9a026382022-01-05 10:04:48.210root 11241100x80000000000000006965115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0ead357635f8b12022-01-05 10:04:48.210root 11241100x80000000000000006965116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6001e2d80fca93f92022-01-05 10:04:48.210root 11241100x80000000000000006965117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5766fc430d78d18c2022-01-05 10:04:48.210root 11241100x80000000000000006965118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb9370e2c1753492022-01-05 10:04:48.210root 11241100x80000000000000006965119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb8ef6c8c97a55a2022-01-05 10:04:48.210root 11241100x80000000000000006965120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4195a690416f1ba2022-01-05 10:04:48.210root 11241100x80000000000000006965121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b9bb7fcc25bbe82022-01-05 10:04:48.709root 11241100x80000000000000006965122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0c15f922bebe4f2022-01-05 10:04:48.710root 11241100x80000000000000006965123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f7b4412ecd8cf02022-01-05 10:04:48.710root 11241100x80000000000000006965124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2615def23180baa2022-01-05 10:04:48.710root 11241100x80000000000000006965125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f9d7297aa8a82f2022-01-05 10:04:48.710root 11241100x80000000000000006965126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbd919cd1de3d9b2022-01-05 10:04:48.710root 11241100x80000000000000006965127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589d6676d99b397e2022-01-05 10:04:48.710root 11241100x80000000000000006965128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52d674b5dfeb2432022-01-05 10:04:48.710root 11241100x80000000000000006965129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a682dac913f078a22022-01-05 10:04:48.710root 11241100x80000000000000006965130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc46085170b0d092022-01-05 10:04:48.710root 11241100x80000000000000006965131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e4f02f1765ebf92022-01-05 10:04:48.711root 11241100x80000000000000006965132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169718dfd1d430442022-01-05 10:04:48.711root 11241100x80000000000000006965133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f395a76afb8ea3d2022-01-05 10:04:48.711root 11241100x80000000000000006965134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de94e54bb28530532022-01-05 10:04:48.711root 11241100x80000000000000006965135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83edd44570b5f6a32022-01-05 10:04:49.209root 11241100x80000000000000006965136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6107a80a75fbacbb2022-01-05 10:04:49.210root 11241100x80000000000000006965137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d02212c922f142d2022-01-05 10:04:49.210root 11241100x80000000000000006965138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134d21b8b16366032022-01-05 10:04:49.210root 11241100x80000000000000006965139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e954c13ae9bc0c442022-01-05 10:04:49.210root 11241100x80000000000000006965140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e581c39745f1daa2022-01-05 10:04:49.210root 11241100x80000000000000006965141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e6ba465df904042022-01-05 10:04:49.210root 11241100x80000000000000006965142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7d929fc18328722022-01-05 10:04:49.210root 11241100x80000000000000006965143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fff85246e4148b2022-01-05 10:04:49.210root 11241100x80000000000000006965144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c06647cb3ff89c82022-01-05 10:04:49.210root 11241100x80000000000000006965145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badf6eb4b9d824d22022-01-05 10:04:49.210root 11241100x80000000000000006965146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e9c57180117d752022-01-05 10:04:49.210root 11241100x80000000000000006965147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747f4b2979bc3a3b2022-01-05 10:04:49.210root 11241100x80000000000000006965148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea97734c42da5152022-01-05 10:04:49.210root 11241100x80000000000000006965149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93208a870e15a1a22022-01-05 10:04:49.709root 11241100x80000000000000006965150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6294daf688a6622022-01-05 10:04:49.709root 11241100x80000000000000006965151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8abbaf29ab3891c2022-01-05 10:04:49.710root 11241100x80000000000000006965152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514fcc5156597e812022-01-05 10:04:49.710root 11241100x80000000000000006965153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a99c32a1f1e8ff2022-01-05 10:04:49.710root 11241100x80000000000000006965154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cd810edf5ac9d32022-01-05 10:04:49.710root 11241100x80000000000000006965155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291d9dedf018a9802022-01-05 10:04:49.710root 11241100x80000000000000006965156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cc10a995915f292022-01-05 10:04:49.710root 11241100x80000000000000006965157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67fef4dc42228572022-01-05 10:04:49.710root 11241100x80000000000000006965158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0463db07d8e007122022-01-05 10:04:49.710root 11241100x80000000000000006965159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34adf176bfa85b222022-01-05 10:04:49.710root 11241100x80000000000000006965160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a40a16db5a84adb2022-01-05 10:04:49.711root 11241100x80000000000000006965161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c568ac8ab10bc52022-01-05 10:04:49.711root 11241100x80000000000000006965162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a8533ad1fe9a6e2022-01-05 10:04:49.711root 354300x80000000000000006965163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.072{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41766-false10.0.1.12-8000- 11241100x80000000000000006965164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.073{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b1a22d7ee077422022-01-05 10:04:50.073root 11241100x80000000000000006965165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.073{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26099f99c018dfff2022-01-05 10:04:50.073root 11241100x80000000000000006965166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.073{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e7a856329c94fe2022-01-05 10:04:50.073root 11241100x80000000000000006965167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.073{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b47a1314f8abb52022-01-05 10:04:50.073root 11241100x80000000000000006965168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.073{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818aa8059e46d0952022-01-05 10:04:50.073root 11241100x80000000000000006965169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.073{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f5d1e9893a0d772022-01-05 10:04:50.073root 11241100x80000000000000006965170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.073{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c33f29cb1b724262022-01-05 10:04:50.073root 11241100x80000000000000006965171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.073{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2a91fa8f1569482022-01-05 10:04:50.073root 11241100x80000000000000006965172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.073{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a111f285e7906e112022-01-05 10:04:50.073root 11241100x80000000000000006965173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.073{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb67fdf9657ef072022-01-05 10:04:50.073root 11241100x80000000000000006965174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f133cbafc53f6d732022-01-05 10:04:50.074root 11241100x80000000000000006965175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af37887245350fcd2022-01-05 10:04:50.074root 11241100x80000000000000006965176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a84c376d7d2b95e2022-01-05 10:04:50.074root 11241100x80000000000000006965177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf725558054ab7a2022-01-05 10:04:50.074root 11241100x80000000000000006965178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354c539d0fa131662022-01-05 10:04:50.074root 11241100x80000000000000006965179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cd4c893f6560142022-01-05 10:04:50.460root 11241100x80000000000000006965180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1190866db34ff92022-01-05 10:04:50.460root 11241100x80000000000000006965181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ee6103248fe7d22022-01-05 10:04:50.460root 11241100x80000000000000006965182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313f6872aae6ea532022-01-05 10:04:50.460root 11241100x80000000000000006965183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c70f765e183d3f72022-01-05 10:04:50.460root 11241100x80000000000000006965184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36afd4e7f95a24532022-01-05 10:04:50.460root 11241100x80000000000000006965185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2398ac4f25c044592022-01-05 10:04:50.460root 11241100x80000000000000006965186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3a54f7e17a1b6e2022-01-05 10:04:50.460root 11241100x80000000000000006965187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab60f3173f564a662022-01-05 10:04:50.460root 11241100x80000000000000006965188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bb6020958b11702022-01-05 10:04:50.461root 11241100x80000000000000006965189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5414e82cfb4c802022-01-05 10:04:50.461root 11241100x80000000000000006965190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab90d9cb348930a2022-01-05 10:04:50.461root 11241100x80000000000000006965191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899435f338829a012022-01-05 10:04:50.461root 11241100x80000000000000006965192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b14c185ea0a739c2022-01-05 10:04:50.461root 11241100x80000000000000006965193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0df7b33ebcb7022022-01-05 10:04:50.461root 154100x80000000000000006965194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.522{ec2e79f3-6d42-61d5-6804-9891b6550000}23012/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 534500x80000000000000006965195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.533{ec2e79f3-6d42-61d5-6804-9891b6550000}23012/bin/psroot 11241100x80000000000000006965196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903ba2fc27054bf32022-01-05 10:04:50.960root 11241100x80000000000000006965197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b9ce4c9c59e2742022-01-05 10:04:50.960root 11241100x80000000000000006965198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7116a4406cccb22022-01-05 10:04:50.960root 11241100x80000000000000006965199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bc1ac5b4d707f02022-01-05 10:04:50.960root 11241100x80000000000000006965200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc80229cf0affeb2022-01-05 10:04:50.960root 11241100x80000000000000006965201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027b65280824c6282022-01-05 10:04:50.960root 11241100x80000000000000006965202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c74060c40d5c4ff2022-01-05 10:04:50.960root 11241100x80000000000000006965203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50f86ea2e2456132022-01-05 10:04:50.961root 11241100x80000000000000006965204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94328873993ceba82022-01-05 10:04:50.961root 11241100x80000000000000006965205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2fc9fdaf8daf762022-01-05 10:04:50.961root 11241100x80000000000000006965206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251c05b6717d91802022-01-05 10:04:50.961root 11241100x80000000000000006965207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a10bb3623431ef2022-01-05 10:04:50.961root 11241100x80000000000000006965208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab2141878e138b92022-01-05 10:04:50.961root 11241100x80000000000000006965209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00233c0786029cc32022-01-05 10:04:50.961root 11241100x80000000000000006965210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92fa33b9837fb432022-01-05 10:04:50.961root 11241100x80000000000000006965211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e4977a8cedd6a82022-01-05 10:04:50.961root 11241100x80000000000000006965212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed53df1e783d2992022-01-05 10:04:50.961root 11241100x80000000000000006965213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9248950b4edb622022-01-05 10:04:51.460root 11241100x80000000000000006965214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516bc8bfd8c89c322022-01-05 10:04:51.460root 11241100x80000000000000006965215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e6c98ac2c8a64d2022-01-05 10:04:51.460root 11241100x80000000000000006965216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a28b6deaa42a2042022-01-05 10:04:51.460root 11241100x80000000000000006965217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08470eb2dce4234e2022-01-05 10:04:51.460root 11241100x80000000000000006965218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e907628a7ecede2a2022-01-05 10:04:51.460root 11241100x80000000000000006965219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a3cf68ebce712a2022-01-05 10:04:51.460root 11241100x80000000000000006965220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180831cbdd58c6062022-01-05 10:04:51.460root 11241100x80000000000000006965221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c4f21b3ce0a2622022-01-05 10:04:51.461root 11241100x80000000000000006965222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed44b0f0422b6972022-01-05 10:04:51.461root 11241100x80000000000000006965223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72f8141e56f735a2022-01-05 10:04:51.461root 11241100x80000000000000006965224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa52da17508c6de22022-01-05 10:04:51.461root 11241100x80000000000000006965225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89478e04b326a2e02022-01-05 10:04:51.461root 11241100x80000000000000006965226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824ec049e123b16c2022-01-05 10:04:51.461root 11241100x80000000000000006965227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d1f25cee2568852022-01-05 10:04:51.461root 11241100x80000000000000006965228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b540982cb9b632df2022-01-05 10:04:51.461root 11241100x80000000000000006965229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21eb5a0906a9a5ac2022-01-05 10:04:51.461root 11241100x80000000000000006965230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5011d0e2befc79002022-01-05 10:04:51.960root 11241100x80000000000000006965231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d0e4240abff4222022-01-05 10:04:51.960root 11241100x80000000000000006965232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3d3b98c0d831292022-01-05 10:04:51.960root 11241100x80000000000000006965233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbca4eca0db606c02022-01-05 10:04:51.960root 11241100x80000000000000006965234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712109cd2ead94472022-01-05 10:04:51.960root 11241100x80000000000000006965235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721be00ff76b288e2022-01-05 10:04:51.960root 11241100x80000000000000006965236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0448ae431c7dcf2022-01-05 10:04:51.960root 11241100x80000000000000006965237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c737f03155c427e22022-01-05 10:04:51.960root 11241100x80000000000000006965238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf414fd181c51c932022-01-05 10:04:51.960root 11241100x80000000000000006965239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff0a55d59f8cfc12022-01-05 10:04:51.960root 11241100x80000000000000006965240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cc5695f279ff152022-01-05 10:04:51.960root 11241100x80000000000000006965241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8beafc20f7d3416c2022-01-05 10:04:51.960root 11241100x80000000000000006965242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c06cfe5aeb2b4822022-01-05 10:04:51.961root 11241100x80000000000000006965243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b07fa25336e2192022-01-05 10:04:51.961root 11241100x80000000000000006965244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b706dfe3600d9d232022-01-05 10:04:51.961root 11241100x80000000000000006965245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2c99cfa0f5983b2022-01-05 10:04:51.961root 11241100x80000000000000006965246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7963ad6d4c2c8ad42022-01-05 10:04:51.961root 11241100x80000000000000006965247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6537adf78b2410ec2022-01-05 10:04:52.460root 11241100x80000000000000006965248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f962fb2d919bdd2022-01-05 10:04:52.460root 11241100x80000000000000006965249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b069d4f9aea70f2022-01-05 10:04:52.460root 11241100x80000000000000006965250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff13eaec58855f7f2022-01-05 10:04:52.460root 11241100x80000000000000006965251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0dd81be999842c2022-01-05 10:04:52.460root 11241100x80000000000000006965252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f212aad6cdd0cb2022-01-05 10:04:52.460root 11241100x80000000000000006965253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cabd6d4c1054322022-01-05 10:04:52.460root 11241100x80000000000000006965254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0688d9347ded5b2022-01-05 10:04:52.460root 11241100x80000000000000006965255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a729786e63b97f2022-01-05 10:04:52.460root 11241100x80000000000000006965256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95b1c50249b57352022-01-05 10:04:52.460root 11241100x80000000000000006965257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc6050c1891349f2022-01-05 10:04:52.460root 11241100x80000000000000006965258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f919641b8608d46c2022-01-05 10:04:52.460root 11241100x80000000000000006965259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f9fe765d999df92022-01-05 10:04:52.460root 11241100x80000000000000006965260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c428cde94a071f032022-01-05 10:04:52.460root 11241100x80000000000000006965261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6461c58a777f6bc82022-01-05 10:04:52.461root 11241100x80000000000000006965262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b7547f76b4c83a2022-01-05 10:04:52.461root 11241100x80000000000000006965263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd715c041e87dfdb2022-01-05 10:04:52.461root 11241100x80000000000000006965264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c24efa507e3c4d52022-01-05 10:04:52.960root 11241100x80000000000000006965265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be37a4db3340a582022-01-05 10:04:52.960root 11241100x80000000000000006965266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b036530dddbc86902022-01-05 10:04:52.960root 11241100x80000000000000006965267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee78fb898e4b4cf2022-01-05 10:04:52.960root 11241100x80000000000000006965268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6919d78d6423c7462022-01-05 10:04:52.960root 11241100x80000000000000006965269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ec69a2b527fe2b2022-01-05 10:04:52.960root 11241100x80000000000000006965270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df71cc0ecf8e574f2022-01-05 10:04:52.960root 11241100x80000000000000006965271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297e030d80a668292022-01-05 10:04:52.960root 11241100x80000000000000006965272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d8afa491be55582022-01-05 10:04:52.960root 11241100x80000000000000006965273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d7e6a5e87341792022-01-05 10:04:52.960root 11241100x80000000000000006965274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93cb21403efd5412022-01-05 10:04:52.960root 11241100x80000000000000006965275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586c0158c8e0c45a2022-01-05 10:04:52.960root 11241100x80000000000000006965276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6871bc708ffcf312022-01-05 10:04:52.960root 11241100x80000000000000006965277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0023d6de4ccd3e2022-01-05 10:04:52.961root 11241100x80000000000000006965278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa09b5ff91bddb12022-01-05 10:04:52.961root 11241100x80000000000000006965279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb11fc06829f9fea2022-01-05 10:04:52.961root 11241100x80000000000000006965280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12054fd83d84168c2022-01-05 10:04:52.961root 11241100x80000000000000006965281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959aef70064d94212022-01-05 10:04:53.460root 11241100x80000000000000006965282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290c81bd4e116f7c2022-01-05 10:04:53.460root 11241100x80000000000000006965283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77c6de92493a4e22022-01-05 10:04:53.460root 11241100x80000000000000006965284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37f6a56a85222da2022-01-05 10:04:53.460root 11241100x80000000000000006965285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ed6969ca087ab62022-01-05 10:04:53.460root 11241100x80000000000000006965286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609e6465cddf7b852022-01-05 10:04:53.460root 11241100x80000000000000006965287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccc32fa68b455632022-01-05 10:04:53.460root 11241100x80000000000000006965288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c4194a57d35b6d2022-01-05 10:04:53.460root 11241100x80000000000000006965289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94af6f871a802c8d2022-01-05 10:04:53.460root 11241100x80000000000000006965290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2242e6f38d7ed5762022-01-05 10:04:53.461root 11241100x80000000000000006965291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c887ab1f155dda2022-01-05 10:04:53.461root 11241100x80000000000000006965292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af2502364aa2c2c2022-01-05 10:04:53.461root 11241100x80000000000000006965293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564c848d7888c8282022-01-05 10:04:53.461root 11241100x80000000000000006965294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baff2ca14c745e082022-01-05 10:04:53.461root 11241100x80000000000000006965295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3febea8e1c994b9c2022-01-05 10:04:53.461root 11241100x80000000000000006965296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb86c139fe29e3d12022-01-05 10:04:53.461root 11241100x80000000000000006965297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3798e2964c74b3112022-01-05 10:04:53.462root 11241100x80000000000000006965298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc76cd3b17ab71832022-01-05 10:04:53.960root 11241100x80000000000000006965299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749a6810489247a52022-01-05 10:04:53.960root 11241100x80000000000000006965300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2ec091302e33a72022-01-05 10:04:53.960root 11241100x80000000000000006965301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857f2506e367672a2022-01-05 10:04:53.960root 11241100x80000000000000006965302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24debadebbf4196c2022-01-05 10:04:53.960root 11241100x80000000000000006965303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827dc96baf2a99d02022-01-05 10:04:53.960root 11241100x80000000000000006965304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1075eac48b4543d2022-01-05 10:04:53.960root 11241100x80000000000000006965305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd42aad02590c6112022-01-05 10:04:53.960root 11241100x80000000000000006965306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2c4c3a143d63cd2022-01-05 10:04:53.960root 11241100x80000000000000006965307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e4ad7da110dd852022-01-05 10:04:53.960root 11241100x80000000000000006965308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f40a2c007e14fc52022-01-05 10:04:53.960root 11241100x80000000000000006965309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216630cc6a225f382022-01-05 10:04:53.961root 11241100x80000000000000006965310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91c2d6cb3682a9a2022-01-05 10:04:53.961root 11241100x80000000000000006965311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a364eac8ec9f61912022-01-05 10:04:53.961root 11241100x80000000000000006965312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641907ecec8921942022-01-05 10:04:53.961root 11241100x80000000000000006965313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ba80cc5a0c3ad62022-01-05 10:04:53.961root 11241100x80000000000000006965314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e72d8fc8a890b762022-01-05 10:04:53.961root 11241100x80000000000000006965315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d950bc95019449232022-01-05 10:04:54.460root 11241100x80000000000000006965316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cef5d7b94159c972022-01-05 10:04:54.460root 11241100x80000000000000006965317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bbbdc157a589332022-01-05 10:04:54.460root 11241100x80000000000000006965318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cc8a26515179362022-01-05 10:04:54.460root 11241100x80000000000000006965319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63323f3ccc9384a2022-01-05 10:04:54.460root 11241100x80000000000000006965320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2326192faa3fd6a22022-01-05 10:04:54.460root 11241100x80000000000000006965321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0485ea88044a64742022-01-05 10:04:54.460root 11241100x80000000000000006965322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e6eae4fd3b15102022-01-05 10:04:54.460root 11241100x80000000000000006965323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfc944b80989a2b2022-01-05 10:04:54.460root 11241100x80000000000000006965324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1497c7e6ae011b2022-01-05 10:04:54.460root 11241100x80000000000000006965325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32805ccf6c7601d2022-01-05 10:04:54.461root 11241100x80000000000000006965326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f088af1af9428482022-01-05 10:04:54.461root 11241100x80000000000000006965327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0869a73a84ccb32f2022-01-05 10:04:54.461root 11241100x80000000000000006965328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9af6df3947038242022-01-05 10:04:54.461root 11241100x80000000000000006965329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23ec6040ea0673d2022-01-05 10:04:54.461root 11241100x80000000000000006965330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f227e02dacd3d1132022-01-05 10:04:54.461root 11241100x80000000000000006965331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6e1f92128b10442022-01-05 10:04:54.461root 11241100x80000000000000006965332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5254beddda113c2022-01-05 10:04:54.960root 11241100x80000000000000006965333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c519bf322ee70e2022-01-05 10:04:54.960root 11241100x80000000000000006965334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008c00a31ab6ba9d2022-01-05 10:04:54.960root 11241100x80000000000000006965335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17818577a0e7f7682022-01-05 10:04:54.960root 11241100x80000000000000006965336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec807b836f3325912022-01-05 10:04:54.960root 11241100x80000000000000006965337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e936938d6e185e12022-01-05 10:04:54.960root 11241100x80000000000000006965338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a97fc66a4045fc2022-01-05 10:04:54.960root 11241100x80000000000000006965339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fcc9893f59c5a12022-01-05 10:04:54.960root 11241100x80000000000000006965340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e2f89f288f19182022-01-05 10:04:54.960root 11241100x80000000000000006965341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8f1c0db5a3890b2022-01-05 10:04:54.960root 11241100x80000000000000006965342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ee83242523868f2022-01-05 10:04:54.961root 11241100x80000000000000006965343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5bf514027ceadf2022-01-05 10:04:54.961root 11241100x80000000000000006965344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149cabf57b91be952022-01-05 10:04:54.961root 11241100x80000000000000006965345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46891e64ac02b05b2022-01-05 10:04:54.961root 11241100x80000000000000006965346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cf5374d9dcf5c02022-01-05 10:04:54.961root 11241100x80000000000000006965347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f46ba4d907a42c2022-01-05 10:04:54.961root 11241100x80000000000000006965348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b441bbdb54ef3842022-01-05 10:04:54.961root 11241100x80000000000000006965349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42684f0f1cc720bb2022-01-05 10:04:55.459root 11241100x80000000000000006965350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504f4ed4a9bfc7dc2022-01-05 10:04:55.460root 11241100x80000000000000006965351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706ccec929ad1da12022-01-05 10:04:55.460root 11241100x80000000000000006965352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10402870c5fc9e392022-01-05 10:04:55.460root 11241100x80000000000000006965353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf68fdf5c9f58c72022-01-05 10:04:55.460root 11241100x80000000000000006965354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153fc5adbaa1e00a2022-01-05 10:04:55.460root 11241100x80000000000000006965355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6690fcdf93de3c2022-01-05 10:04:55.460root 11241100x80000000000000006965356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be656455d92d4eda2022-01-05 10:04:55.460root 11241100x80000000000000006965357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5eff5e1fa3584a2022-01-05 10:04:55.460root 11241100x80000000000000006965358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ab9fcef229e0d72022-01-05 10:04:55.460root 11241100x80000000000000006965359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c590c30cbb0d96ce2022-01-05 10:04:55.460root 11241100x80000000000000006965360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a596cdbf10fc372022-01-05 10:04:55.460root 11241100x80000000000000006965361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdc5edb67fca3112022-01-05 10:04:55.461root 11241100x80000000000000006965362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4b86494e42ae0e2022-01-05 10:04:55.461root 11241100x80000000000000006965363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29130697ec769f932022-01-05 10:04:55.461root 11241100x80000000000000006965364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209f2cf7f839d0072022-01-05 10:04:55.461root 11241100x80000000000000006965365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5f6a69652104c62022-01-05 10:04:55.461root 11241100x80000000000000006965366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1f758088b46b392022-01-05 10:04:55.960root 11241100x80000000000000006965367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e2d3d6d157fb982022-01-05 10:04:55.960root 11241100x80000000000000006965368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58197e2482d6dd6b2022-01-05 10:04:55.960root 11241100x80000000000000006965369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4606660a18e4f4092022-01-05 10:04:55.960root 11241100x80000000000000006965370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16c2c3f19c6c5752022-01-05 10:04:55.960root 11241100x80000000000000006965371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb4ec28c2f168982022-01-05 10:04:55.960root 11241100x80000000000000006965372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9baa7fd4ab4bbd8e2022-01-05 10:04:55.960root 11241100x80000000000000006965373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0395e08dbee4df982022-01-05 10:04:55.961root 11241100x80000000000000006965374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2809b4a5389ad52022-01-05 10:04:55.961root 11241100x80000000000000006965375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729bfa166577590a2022-01-05 10:04:55.961root 11241100x80000000000000006965376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a84a4ac8a69ed52022-01-05 10:04:55.961root 11241100x80000000000000006965377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a33834f77eeff42022-01-05 10:04:55.961root 11241100x80000000000000006965378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8da6e7951f503782022-01-05 10:04:55.961root 11241100x80000000000000006965379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68ef2cbfc9119b42022-01-05 10:04:55.961root 11241100x80000000000000006965380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1641e9120c18acef2022-01-05 10:04:55.961root 11241100x80000000000000006965381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b8bee8907170402022-01-05 10:04:55.961root 11241100x80000000000000006965382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecef44a95e3496c82022-01-05 10:04:55.961root 354300x80000000000000006965383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.065{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41768-false10.0.1.12-8000- 11241100x80000000000000006965384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a6c5cfd6582d142022-01-05 10:04:56.460root 11241100x80000000000000006965385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512f943cdcd9cf5c2022-01-05 10:04:56.460root 11241100x80000000000000006965386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7285e94a8b5968182022-01-05 10:04:56.460root 11241100x80000000000000006965387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf38ac25672b3662022-01-05 10:04:56.460root 11241100x80000000000000006965388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef604353dd8a8502022-01-05 10:04:56.460root 11241100x80000000000000006965389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f369978254d0c3902022-01-05 10:04:56.460root 11241100x80000000000000006965390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78230351860285f82022-01-05 10:04:56.460root 11241100x80000000000000006965391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62512db702f7f2a2022-01-05 10:04:56.460root 11241100x80000000000000006965392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03de502f0b2b27ae2022-01-05 10:04:56.460root 11241100x80000000000000006965393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0eab722b89077ef2022-01-05 10:04:56.460root 11241100x80000000000000006965394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa76e8aaaeda3aaf2022-01-05 10:04:56.460root 11241100x80000000000000006965395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bf1e4c50073a3f2022-01-05 10:04:56.461root 11241100x80000000000000006965396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66eb28d7c13221cd2022-01-05 10:04:56.461root 11241100x80000000000000006965397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0733b87374d67232022-01-05 10:04:56.461root 11241100x80000000000000006965398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b789af8c05412be52022-01-05 10:04:56.461root 11241100x80000000000000006965399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a254407ecd8030e72022-01-05 10:04:56.461root 11241100x80000000000000006965400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc9a321037cc7fc2022-01-05 10:04:56.461root 11241100x80000000000000006965401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29f84579b591e4d2022-01-05 10:04:56.461root 11241100x80000000000000006965402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f52245cf172e892022-01-05 10:04:56.960root 11241100x80000000000000006965403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a963bcef4a60aad2022-01-05 10:04:56.960root 11241100x80000000000000006965404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3d424add2a74da2022-01-05 10:04:56.960root 11241100x80000000000000006965405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb94afc7c21b65de2022-01-05 10:04:56.960root 11241100x80000000000000006965406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25074ba518de5992022-01-05 10:04:56.960root 11241100x80000000000000006965407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e80282b41eb0292022-01-05 10:04:56.960root 11241100x80000000000000006965408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534c2fb985687a442022-01-05 10:04:56.960root 11241100x80000000000000006965409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca456ba708e4982a2022-01-05 10:04:56.960root 11241100x80000000000000006965410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f27286c9d457a22022-01-05 10:04:56.960root 11241100x80000000000000006965411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b56aab1c676e4e2022-01-05 10:04:56.960root 11241100x80000000000000006965412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357b2a757bfae5b32022-01-05 10:04:56.960root 11241100x80000000000000006965413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9969292eec2f412022-01-05 10:04:56.960root 11241100x80000000000000006965414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4014bf9f26a1702022-01-05 10:04:56.961root 11241100x80000000000000006965415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad1a305ea80b2f12022-01-05 10:04:56.961root 11241100x80000000000000006965416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164cd92f43298d2c2022-01-05 10:04:56.961root 11241100x80000000000000006965417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2103db4a22759812022-01-05 10:04:56.961root 11241100x80000000000000006965418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb493e1e6143d0482022-01-05 10:04:56.961root 11241100x80000000000000006965419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7005ea5230db7f12022-01-05 10:04:56.961root 11241100x80000000000000006965420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d87833676d97892022-01-05 10:04:57.460root 11241100x80000000000000006965421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04572caf7e3572b42022-01-05 10:04:57.460root 11241100x80000000000000006965422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934e800c521fd89b2022-01-05 10:04:57.460root 11241100x80000000000000006965423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cdd4c35d4f72002022-01-05 10:04:57.460root 11241100x80000000000000006965424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d696d95c11321f952022-01-05 10:04:57.460root 11241100x80000000000000006965425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c52a6ae1c9ce60b2022-01-05 10:04:57.460root 11241100x80000000000000006965426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff22141ef1a42242022-01-05 10:04:57.460root 11241100x80000000000000006965427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7e6b4a33fdeca92022-01-05 10:04:57.460root 11241100x80000000000000006965428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab54a3eb5bf42ba82022-01-05 10:04:57.460root 11241100x80000000000000006965429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed9a99f244ae1ee2022-01-05 10:04:57.460root 11241100x80000000000000006965430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8428e502a876e82022-01-05 10:04:57.460root 11241100x80000000000000006965431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c1519056223f122022-01-05 10:04:57.460root 11241100x80000000000000006965432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34233a84e5f04d8c2022-01-05 10:04:57.460root 11241100x80000000000000006965433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee7debab94d01ef2022-01-05 10:04:57.461root 11241100x80000000000000006965434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cda72b9475dfdc2022-01-05 10:04:57.461root 11241100x80000000000000006965435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e58c7d997a5d0662022-01-05 10:04:57.461root 11241100x80000000000000006965436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9153510e40468bb42022-01-05 10:04:57.461root 11241100x80000000000000006965437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbf8fce11ef45372022-01-05 10:04:57.461root 11241100x80000000000000006965438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c93ad5855de8712022-01-05 10:04:57.960root 11241100x80000000000000006965439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca2430d18cdfc302022-01-05 10:04:57.960root 11241100x80000000000000006965440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb148419829bbf02022-01-05 10:04:57.960root 11241100x80000000000000006965441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604d0c434089a5a82022-01-05 10:04:57.960root 11241100x80000000000000006965442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563f8d1a7bc3e2f62022-01-05 10:04:57.960root 11241100x80000000000000006965443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d95c81f451e01f2022-01-05 10:04:57.960root 11241100x80000000000000006965444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799ebcd1ee9e18092022-01-05 10:04:57.960root 11241100x80000000000000006965445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbf7f2c0f6faee12022-01-05 10:04:57.960root 11241100x80000000000000006965446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9600e78fa96639302022-01-05 10:04:57.960root 11241100x80000000000000006965447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eae9deedd8bd5e72022-01-05 10:04:57.960root 11241100x80000000000000006965448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69aa7469dd53819b2022-01-05 10:04:57.960root 11241100x80000000000000006965449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ba10b46df664272022-01-05 10:04:57.960root 11241100x80000000000000006965450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff39cafedcc06c92022-01-05 10:04:57.960root 11241100x80000000000000006965451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb504988b3ca7312022-01-05 10:04:57.960root 11241100x80000000000000006965452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15110fb49d288d852022-01-05 10:04:57.961root 11241100x80000000000000006965453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5705e0f8361084092022-01-05 10:04:57.961root 11241100x80000000000000006965454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f64e24b68508792022-01-05 10:04:57.961root 11241100x80000000000000006965455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c79cbc71e68b04c2022-01-05 10:04:57.961root 11241100x80000000000000006965456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426af2ee62ade6672022-01-05 10:04:58.460root 11241100x80000000000000006965457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff302d213e9684cc2022-01-05 10:04:58.460root 11241100x80000000000000006965458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf0e99231cf21062022-01-05 10:04:58.460root 11241100x80000000000000006965459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ac2a64ffcf58a02022-01-05 10:04:58.460root 11241100x80000000000000006965460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0471bef0cccb84922022-01-05 10:04:58.460root 11241100x80000000000000006965461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd64933edf431e392022-01-05 10:04:58.460root 11241100x80000000000000006965462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c4963c494d3ccf2022-01-05 10:04:58.460root 11241100x80000000000000006965463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1856882bf3ed69e2022-01-05 10:04:58.460root 11241100x80000000000000006965464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7796ed14a11ed3d2022-01-05 10:04:58.460root 11241100x80000000000000006965465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470fc1642e417a152022-01-05 10:04:58.460root 11241100x80000000000000006965466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d882368619954e2022-01-05 10:04:58.460root 11241100x80000000000000006965467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e32529ead57540f2022-01-05 10:04:58.460root 11241100x80000000000000006965468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8346f2d967a4ec2022-01-05 10:04:58.460root 11241100x80000000000000006965469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94565ce1d6da9c5d2022-01-05 10:04:58.461root 11241100x80000000000000006965470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7074841d26b691852022-01-05 10:04:58.461root 11241100x80000000000000006965471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce68fc8d0cefc7fd2022-01-05 10:04:58.461root 11241100x80000000000000006965472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3932c28819c7d2a92022-01-05 10:04:58.461root 11241100x80000000000000006965473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110ab027de35b69f2022-01-05 10:04:58.461root 11241100x80000000000000006965474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5a7c4b6f058b6f2022-01-05 10:04:58.960root 11241100x80000000000000006965475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269dd79bb642afeb2022-01-05 10:04:58.960root 11241100x80000000000000006965476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83de96e921ed4acd2022-01-05 10:04:58.960root 11241100x80000000000000006965477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f90952a8fd96d72022-01-05 10:04:58.960root 11241100x80000000000000006965478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a20f16453280dd02022-01-05 10:04:58.960root 11241100x80000000000000006965479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa562ffff08213432022-01-05 10:04:58.960root 11241100x80000000000000006965480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee7ea7990d8eec62022-01-05 10:04:58.960root 11241100x80000000000000006965481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33808632a1b01922022-01-05 10:04:58.960root 11241100x80000000000000006965482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c425a641d2bdcb2022-01-05 10:04:58.960root 11241100x80000000000000006965483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c0e259864e04fe2022-01-05 10:04:58.960root 11241100x80000000000000006965484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8faa4e2c33492d172022-01-05 10:04:58.960root 11241100x80000000000000006965485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29758646fa3edec2022-01-05 10:04:58.960root 11241100x80000000000000006965486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea6a1013d937a582022-01-05 10:04:58.960root 11241100x80000000000000006965487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db97f13fd767fcb2022-01-05 10:04:58.961root 11241100x80000000000000006965488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267d98a577586ed52022-01-05 10:04:58.961root 11241100x80000000000000006965489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef75049e4f7b295f2022-01-05 10:04:58.961root 11241100x80000000000000006965490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32dbde9c18fedf9b2022-01-05 10:04:58.961root 11241100x80000000000000006965491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ae2c2e994c148d2022-01-05 10:04:58.961root 11241100x80000000000000006965492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.220{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 10:04:59.220root 11241100x80000000000000006965493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e021ce2e6434b9072022-01-05 10:04:59.220root 11241100x80000000000000006965494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994e8c85d6c986cc2022-01-05 10:04:59.220root 11241100x80000000000000006965495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4097ed18fd2599ef2022-01-05 10:04:59.221root 11241100x80000000000000006965496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a23e19c00640772022-01-05 10:04:59.221root 11241100x80000000000000006965497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9828db69d131ba52022-01-05 10:04:59.221root 11241100x80000000000000006965498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d92a7dd460dde262022-01-05 10:04:59.221root 11241100x80000000000000006965499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773bbff4ab21d7ee2022-01-05 10:04:59.221root 11241100x80000000000000006965500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881c2f0f877811642022-01-05 10:04:59.221root 11241100x80000000000000006965501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7bd254a1ad2faa2022-01-05 10:04:59.221root 11241100x80000000000000006965502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1fe5ba22b524ca2022-01-05 10:04:59.222root 11241100x80000000000000006965503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86656052bc08bf272022-01-05 10:04:59.222root 11241100x80000000000000006965504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3091c7da7eda33882022-01-05 10:04:59.222root 11241100x80000000000000006965505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955c11395831cd502022-01-05 10:04:59.222root 11241100x80000000000000006965506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10a4a514d4e1bfc2022-01-05 10:04:59.222root 11241100x80000000000000006965507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1275b340ba4e7b5b2022-01-05 10:04:59.222root 11241100x80000000000000006965508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d6e30e6cbb16312022-01-05 10:04:59.222root 11241100x80000000000000006965509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5c21207be5ffcd2022-01-05 10:04:59.222root 11241100x80000000000000006965510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42857b5b39a443162022-01-05 10:04:59.223root 11241100x80000000000000006965511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a73dc7ea63872d52022-01-05 10:04:59.223root 11241100x80000000000000006965512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdc0d81695e4c002022-01-05 10:04:59.223root 11241100x80000000000000006965513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f3f60a6bf9afc22022-01-05 10:04:59.223root 11241100x80000000000000006965514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e72a22382164132022-01-05 10:04:59.710root 11241100x80000000000000006965515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741c862f2413a53f2022-01-05 10:04:59.710root 11241100x80000000000000006965516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b54a612e2248272022-01-05 10:04:59.710root 11241100x80000000000000006965517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6177594d5a0c3b862022-01-05 10:04:59.710root 11241100x80000000000000006965518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372366c6377ff27e2022-01-05 10:04:59.710root 11241100x80000000000000006965519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79259664f186be7a2022-01-05 10:04:59.710root 11241100x80000000000000006965520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde36e6bf3daa7df2022-01-05 10:04:59.710root 11241100x80000000000000006965521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c149bca93a1cf12022-01-05 10:04:59.710root 11241100x80000000000000006965522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cd867dbc37cedc2022-01-05 10:04:59.710root 11241100x80000000000000006965523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07ba0435475e0e52022-01-05 10:04:59.710root 11241100x80000000000000006965524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15dfe3d5bd124b82022-01-05 10:04:59.711root 11241100x80000000000000006965525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b0d28563071b102022-01-05 10:04:59.711root 11241100x80000000000000006965526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3430a5c406b13ca2022-01-05 10:04:59.711root 11241100x80000000000000006965527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c65c6b85c95beae2022-01-05 10:04:59.711root 11241100x80000000000000006965528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31647531cd00cabe2022-01-05 10:04:59.711root 11241100x80000000000000006965529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843a59ed468f1cbf2022-01-05 10:04:59.711root 11241100x80000000000000006965530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971ffec8f05b6f142022-01-05 10:04:59.711root 11241100x80000000000000006965531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d780649d65bda62022-01-05 10:04:59.711root 11241100x80000000000000006965532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:04:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1814338318d12de82022-01-05 10:04:59.711root 11241100x80000000000000006965533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d974a80d47a32c02022-01-05 10:05:00.210root 11241100x80000000000000006965534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4424be39ca9033fe2022-01-05 10:05:00.210root 11241100x80000000000000006965535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbd4fc211cd45972022-01-05 10:05:00.210root 11241100x80000000000000006965536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc328e45253a23842022-01-05 10:05:00.210root 11241100x80000000000000006965537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0044d9a350debc2022-01-05 10:05:00.210root 11241100x80000000000000006965538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615a50473803020d2022-01-05 10:05:00.211root 11241100x80000000000000006965539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d655ee8c65fb332022-01-05 10:05:00.211root 11241100x80000000000000006965540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac75408c935061f2022-01-05 10:05:00.211root 11241100x80000000000000006965541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd1cb97392ce21d2022-01-05 10:05:00.212root 11241100x80000000000000006965542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8daf52bdf2bd8b2022-01-05 10:05:00.212root 11241100x80000000000000006965543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b867caf0e51d92c12022-01-05 10:05:00.212root 11241100x80000000000000006965544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b96e9f57684d9b2022-01-05 10:05:00.212root 11241100x80000000000000006965545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10943f191a64b212022-01-05 10:05:00.212root 11241100x80000000000000006965546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f02a2ccc5fdb352022-01-05 10:05:00.212root 11241100x80000000000000006965547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084c7eb23dff68c32022-01-05 10:05:00.212root 11241100x80000000000000006965548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0470e41d746450622022-01-05 10:05:00.212root 11241100x80000000000000006965549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a3cc89ba7287192022-01-05 10:05:00.212root 11241100x80000000000000006965550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a1bbaf111494d62022-01-05 10:05:00.212root 11241100x80000000000000006965551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbf7769b2cba2f52022-01-05 10:05:00.212root 11241100x80000000000000006965552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d138fff4ef132452022-01-05 10:05:00.710root 11241100x80000000000000006965553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84728729cd5d631e2022-01-05 10:05:00.710root 11241100x80000000000000006965554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378215a6b2925efa2022-01-05 10:05:00.710root 11241100x80000000000000006965555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdae0524f0a73d82022-01-05 10:05:00.710root 11241100x80000000000000006965556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733573443d6396fe2022-01-05 10:05:00.710root 11241100x80000000000000006965557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68073c464ac3d1342022-01-05 10:05:00.710root 11241100x80000000000000006965558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ca5ad15725eadf2022-01-05 10:05:00.710root 11241100x80000000000000006965559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa18e2cc72c991d2022-01-05 10:05:00.711root 11241100x80000000000000006965560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac2d10a282544352022-01-05 10:05:00.711root 11241100x80000000000000006965561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7fe9916ae40be72022-01-05 10:05:00.711root 11241100x80000000000000006965562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96386e0559f852452022-01-05 10:05:00.711root 11241100x80000000000000006965563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964148d06b34b94c2022-01-05 10:05:00.711root 11241100x80000000000000006965564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498bcc04a4adb0412022-01-05 10:05:00.711root 11241100x80000000000000006965565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba72323e69cda2572022-01-05 10:05:00.711root 11241100x80000000000000006965566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a67dc655f51ef5a2022-01-05 10:05:00.711root 11241100x80000000000000006965567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32f4667ab12d1ca2022-01-05 10:05:00.711root 11241100x80000000000000006965568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077ca06eab8c20102022-01-05 10:05:00.711root 11241100x80000000000000006965569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4ea210d83ed4582022-01-05 10:05:00.711root 11241100x80000000000000006965570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363d1997a72da1aa2022-01-05 10:05:00.712root 354300x80000000000000006965571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.079{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41770-false10.0.1.12-8000- 11241100x80000000000000006965572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.080{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e98404de26de8dd2022-01-05 10:05:01.080root 11241100x80000000000000006965573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.080{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6888ab08d27a982022-01-05 10:05:01.080root 11241100x80000000000000006965574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.080{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8099f8f143072bf12022-01-05 10:05:01.080root 11241100x80000000000000006965575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.080{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23592ed33c1045d2022-01-05 10:05:01.080root 11241100x80000000000000006965576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f00365ca2a4d492022-01-05 10:05:01.081root 11241100x80000000000000006965577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b95e464603f52c72022-01-05 10:05:01.081root 11241100x80000000000000006965578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85816ac814f9d5e62022-01-05 10:05:01.081root 11241100x80000000000000006965579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2485a7537b938d92022-01-05 10:05:01.081root 11241100x80000000000000006965580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f358c2ae8fb305d2022-01-05 10:05:01.081root 11241100x80000000000000006965581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df9a63445f4b5342022-01-05 10:05:01.081root 11241100x80000000000000006965582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a237714914943c842022-01-05 10:05:01.082root 11241100x80000000000000006965583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2d1228bf86a16d2022-01-05 10:05:01.082root 11241100x80000000000000006965584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67102dd097857652022-01-05 10:05:01.082root 11241100x80000000000000006965585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d01fdc01896b412022-01-05 10:05:01.082root 11241100x80000000000000006965586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a532b8263999512022-01-05 10:05:01.082root 11241100x80000000000000006965587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2193eadc9d67c1c62022-01-05 10:05:01.082root 11241100x80000000000000006965588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafd6af3f6f8655e2022-01-05 10:05:01.082root 11241100x80000000000000006965589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.083{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96084992f24e99a2022-01-05 10:05:01.083root 11241100x80000000000000006965590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.083{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2e3e662e011db42022-01-05 10:05:01.083root 11241100x80000000000000006965591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.083{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6729cf9dc3fb572022-01-05 10:05:01.083root 11241100x80000000000000006965592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae94b434738448b12022-01-05 10:05:01.085root 11241100x80000000000000006965593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b4c3e0bb5609e92022-01-05 10:05:01.085root 11241100x80000000000000006965594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36956b43360e39e62022-01-05 10:05:01.086root 11241100x80000000000000006965595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3db837a24807f92022-01-05 10:05:01.086root 11241100x80000000000000006965596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f5650ba956fe102022-01-05 10:05:01.086root 11241100x80000000000000006965597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5431453b78c65732022-01-05 10:05:01.086root 11241100x80000000000000006965598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4cafc91bc71bbe2022-01-05 10:05:01.086root 11241100x80000000000000006965599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d08b7a20ef508c2022-01-05 10:05:01.086root 11241100x80000000000000006965600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfb9c01683b53d52022-01-05 10:05:01.086root 11241100x80000000000000006965601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec387589b7210192022-01-05 10:05:01.086root 11241100x80000000000000006965602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca15bee640ee8042022-01-05 10:05:01.086root 11241100x80000000000000006965603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ee365ceef8c0e82022-01-05 10:05:01.086root 11241100x80000000000000006965604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4055c4298ffe972022-01-05 10:05:01.087root 11241100x80000000000000006965605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1866f51cfc76beff2022-01-05 10:05:01.087root 11241100x80000000000000006965606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50681cae1950e72d2022-01-05 10:05:01.460root 11241100x80000000000000006965607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9838856d2ed540752022-01-05 10:05:01.460root 11241100x80000000000000006965608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819be9e2955d8df32022-01-05 10:05:01.460root 11241100x80000000000000006965609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c768e97f2737b1eb2022-01-05 10:05:01.460root 11241100x80000000000000006965610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf497b1989b5eebf2022-01-05 10:05:01.460root 11241100x80000000000000006965611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b5c0239113271d2022-01-05 10:05:01.460root 11241100x80000000000000006965612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c51e7082bc06dd02022-01-05 10:05:01.460root 11241100x80000000000000006965613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12c83bcc03120ad2022-01-05 10:05:01.460root 11241100x80000000000000006965614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c824759fc328cc2022-01-05 10:05:01.461root 11241100x80000000000000006965615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e4d65b3b8d050d2022-01-05 10:05:01.461root 11241100x80000000000000006965616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b43e1c254d560662022-01-05 10:05:01.461root 11241100x80000000000000006965617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7605a733b7baf7d92022-01-05 10:05:01.461root 11241100x80000000000000006965618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceef2c69bb816bb12022-01-05 10:05:01.461root 11241100x80000000000000006965619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dc825a1ea9dcc22022-01-05 10:05:01.461root 11241100x80000000000000006965620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a58ae0f15ca0322022-01-05 10:05:01.461root 11241100x80000000000000006965621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875d5ee6b3e608552022-01-05 10:05:01.461root 11241100x80000000000000006965622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a70d13c8a0d5ef92022-01-05 10:05:01.461root 11241100x80000000000000006965623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e6b64ec7ce4f4c2022-01-05 10:05:01.461root 11241100x80000000000000006965624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac98230706eb8122022-01-05 10:05:01.461root 11241100x80000000000000006965625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de4a37780944a122022-01-05 10:05:01.461root 11241100x80000000000000006965626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98c9335fdad38932022-01-05 10:05:01.960root 11241100x80000000000000006965627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2945ff4e8fa44f462022-01-05 10:05:01.960root 11241100x80000000000000006965628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e17af182fd00b792022-01-05 10:05:01.960root 11241100x80000000000000006965629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1bae406c1aa3a92022-01-05 10:05:01.960root 11241100x80000000000000006965630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c332d5641ed928622022-01-05 10:05:01.960root 11241100x80000000000000006965631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594e7013da34228d2022-01-05 10:05:01.960root 11241100x80000000000000006965632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93eb44963f6635962022-01-05 10:05:01.960root 11241100x80000000000000006965633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9cdd4413353cab2022-01-05 10:05:01.960root 11241100x80000000000000006965634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5e5440e2eb45bf2022-01-05 10:05:01.960root 11241100x80000000000000006965635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e061c246f5d5cdcc2022-01-05 10:05:01.960root 11241100x80000000000000006965636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58efa0a92cfed6112022-01-05 10:05:01.960root 11241100x80000000000000006965637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d52486b49660932022-01-05 10:05:01.960root 11241100x80000000000000006965638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483943090f735dd42022-01-05 10:05:01.961root 11241100x80000000000000006965639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64189c1f955c7c3d2022-01-05 10:05:01.961root 11241100x80000000000000006965640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6856a79b1296585f2022-01-05 10:05:01.961root 11241100x80000000000000006965641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dfbf4b879b9e382022-01-05 10:05:01.961root 11241100x80000000000000006965642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dece877892a5672022-01-05 10:05:01.961root 11241100x80000000000000006965643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf13e4e517ea4022022-01-05 10:05:01.961root 11241100x80000000000000006965644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39439d643a4e50b32022-01-05 10:05:01.961root 11241100x80000000000000006965645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:01.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a80fdd227acf08c2022-01-05 10:05:01.961root 23542300x80000000000000006965646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.222{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006965647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c749fc1165d324752022-01-05 10:05:02.222root 11241100x80000000000000006965648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f305b43b9e4fefd72022-01-05 10:05:02.222root 11241100x80000000000000006965649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105af8578be237932022-01-05 10:05:02.223root 11241100x80000000000000006965650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430affe188a89d802022-01-05 10:05:02.223root 11241100x80000000000000006965651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdaf85f944c3bf42022-01-05 10:05:02.223root 11241100x80000000000000006965652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eccf5891809dfa72022-01-05 10:05:02.223root 11241100x80000000000000006965653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00b37abc28524ae2022-01-05 10:05:02.223root 11241100x80000000000000006965654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b038cf1f082818732022-01-05 10:05:02.223root 11241100x80000000000000006965655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369004d6117cb2942022-01-05 10:05:02.223root 11241100x80000000000000006965656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b55c6af4810c52a2022-01-05 10:05:02.224root 11241100x80000000000000006965657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f90a28e1ed848b2022-01-05 10:05:02.224root 11241100x80000000000000006965658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df32497fef6199d12022-01-05 10:05:02.224root 11241100x80000000000000006965659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944a2678aed3f90f2022-01-05 10:05:02.224root 11241100x80000000000000006965660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904acd55a1749c3a2022-01-05 10:05:02.224root 11241100x80000000000000006965661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c6d4252ff9e2b82022-01-05 10:05:02.225root 11241100x80000000000000006965662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19e65a6d1c599f92022-01-05 10:05:02.225root 11241100x80000000000000006965663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189fa8ff0967f6f32022-01-05 10:05:02.225root 11241100x80000000000000006965664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83555a2217a97b7c2022-01-05 10:05:02.225root 11241100x80000000000000006965665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fe6117b2fd32912022-01-05 10:05:02.225root 11241100x80000000000000006965666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fafc6c33cb3effd2022-01-05 10:05:02.225root 11241100x80000000000000006965667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400ed2f370aaca952022-01-05 10:05:02.225root 11241100x80000000000000006965668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdda75591a88d3f2022-01-05 10:05:02.225root 11241100x80000000000000006965669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4e7c35089f96472022-01-05 10:05:02.225root 11241100x80000000000000006965670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c862035213019a42022-01-05 10:05:02.225root 11241100x80000000000000006965671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2360ea386ceacc2022-01-05 10:05:02.225root 11241100x80000000000000006965672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695abd01a9e0c2112022-01-05 10:05:02.226root 11241100x80000000000000006965673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30366e83561801a62022-01-05 10:05:02.226root 11241100x80000000000000006965674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfabc355c60524512022-01-05 10:05:02.226root 11241100x80000000000000006965675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664050852021de0e2022-01-05 10:05:02.227root 11241100x80000000000000006965676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b312de44d926b82022-01-05 10:05:02.227root 11241100x80000000000000006965677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a98ad305d6a3dc2022-01-05 10:05:02.227root 11241100x80000000000000006965678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6210ba24558e72952022-01-05 10:05:02.227root 11241100x80000000000000006965679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575e14f03cf205ec2022-01-05 10:05:02.227root 11241100x80000000000000006965680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1987e097f164acb42022-01-05 10:05:02.227root 11241100x80000000000000006965681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7ec4aef60a82702022-01-05 10:05:02.710root 11241100x80000000000000006965682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ce5195f2ff422d2022-01-05 10:05:02.710root 11241100x80000000000000006965683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadc66ca288dde5a2022-01-05 10:05:02.711root 11241100x80000000000000006965684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5723df28efdc2a2022-01-05 10:05:02.711root 11241100x80000000000000006965685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a06fdfe819bfe12022-01-05 10:05:02.711root 11241100x80000000000000006965686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafa6d647a0adea82022-01-05 10:05:02.711root 11241100x80000000000000006965687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb50fa08bf6eb2a92022-01-05 10:05:02.711root 11241100x80000000000000006965688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0549332d3450682022-01-05 10:05:02.711root 11241100x80000000000000006965689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b26cefd26cc0c122022-01-05 10:05:02.712root 11241100x80000000000000006965690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bd7e9682b1b7912022-01-05 10:05:02.712root 11241100x80000000000000006965691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176c75c73f07f8ed2022-01-05 10:05:02.712root 11241100x80000000000000006965692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e19370c8e3da852022-01-05 10:05:02.712root 11241100x80000000000000006965693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008ac193797d205a2022-01-05 10:05:02.712root 11241100x80000000000000006965694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dd158de8fe95432022-01-05 10:05:02.712root 11241100x80000000000000006965695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edba82b206e42b92022-01-05 10:05:02.712root 11241100x80000000000000006965696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18de489d603f80e12022-01-05 10:05:02.712root 11241100x80000000000000006965697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7cba8b8184b0d22022-01-05 10:05:02.713root 11241100x80000000000000006965698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037b4c63f85059242022-01-05 10:05:02.713root 11241100x80000000000000006965699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f564a8b83d48aea72022-01-05 10:05:02.713root 11241100x80000000000000006965700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dc8afd10e0e72e2022-01-05 10:05:02.713root 11241100x80000000000000006965701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:02.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00c8b39c8a311362022-01-05 10:05:02.714root 11241100x80000000000000006965702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707269c389bc096d2022-01-05 10:05:03.209root 11241100x80000000000000006965703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1732d3eb441b30d2022-01-05 10:05:03.209root 11241100x80000000000000006965704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3826a85784a393a2022-01-05 10:05:03.209root 11241100x80000000000000006965705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4a9685cdf8f58b2022-01-05 10:05:03.209root 11241100x80000000000000006965706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0b56f4ae785a3a2022-01-05 10:05:03.209root 11241100x80000000000000006965707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bedc9fde11984392022-01-05 10:05:03.209root 11241100x80000000000000006965708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b67857354803c492022-01-05 10:05:03.210root 11241100x80000000000000006965709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a19d9eee7e8af42022-01-05 10:05:03.210root 11241100x80000000000000006965710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1e6944f043cddc2022-01-05 10:05:03.210root 11241100x80000000000000006965711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395b24eb5fe1feec2022-01-05 10:05:03.210root 11241100x80000000000000006965712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13b078f749561ad2022-01-05 10:05:03.210root 11241100x80000000000000006965713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbb0df2933e2a9b2022-01-05 10:05:03.210root 11241100x80000000000000006965714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f915d37364a3d52022-01-05 10:05:03.210root 11241100x80000000000000006965715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd4caf9d06163ef2022-01-05 10:05:03.210root 11241100x80000000000000006965716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1a2b18ef50325c2022-01-05 10:05:03.211root 11241100x80000000000000006965717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4dd5077d5184272022-01-05 10:05:03.211root 11241100x80000000000000006965718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5bc7c08417003f2022-01-05 10:05:03.211root 11241100x80000000000000006965719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2de62044f2d7162022-01-05 10:05:03.211root 11241100x80000000000000006965720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d60eb78e65fa572022-01-05 10:05:03.211root 11241100x80000000000000006965721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4215e43c2240ff892022-01-05 10:05:03.211root 11241100x80000000000000006965722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afdaa939c788ef92022-01-05 10:05:03.211root 11241100x80000000000000006965723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bc0372e52ad4d12022-01-05 10:05:03.211root 11241100x80000000000000006965724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9bdb01b38cc3b92022-01-05 10:05:03.710root 11241100x80000000000000006965725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a6c0eee52d99852022-01-05 10:05:03.710root 11241100x80000000000000006965726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d6593af6fc24752022-01-05 10:05:03.710root 11241100x80000000000000006965727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4817486dd34855482022-01-05 10:05:03.710root 11241100x80000000000000006965728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1db47b729dd15d22022-01-05 10:05:03.710root 11241100x80000000000000006965729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e84e373e66b1a72022-01-05 10:05:03.710root 11241100x80000000000000006965730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf73d9a86b76edef2022-01-05 10:05:03.710root 11241100x80000000000000006965731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fb71ba8a653eed2022-01-05 10:05:03.710root 11241100x80000000000000006965732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4cbd849e38ff1b2022-01-05 10:05:03.710root 11241100x80000000000000006965733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d046c856f07fba262022-01-05 10:05:03.710root 11241100x80000000000000006965734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59f72c9643d71152022-01-05 10:05:03.711root 11241100x80000000000000006965735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b25af91ae4e31412022-01-05 10:05:03.711root 11241100x80000000000000006965736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b0a2d1276560b92022-01-05 10:05:03.711root 11241100x80000000000000006965737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bff4aa4b76e5c542022-01-05 10:05:03.711root 11241100x80000000000000006965738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01570d6a7b2670d82022-01-05 10:05:03.711root 11241100x80000000000000006965739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1cbebbb6a1f89c2022-01-05 10:05:03.711root 11241100x80000000000000006965740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4036a752854adf2022-01-05 10:05:03.711root 11241100x80000000000000006965741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305d660387825b372022-01-05 10:05:03.711root 11241100x80000000000000006965742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d044e8ec6c55e1592022-01-05 10:05:03.711root 11241100x80000000000000006965743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f23757ffc6166b12022-01-05 10:05:03.711root 11241100x80000000000000006965744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1622e6eb37de5d2022-01-05 10:05:03.712root 11241100x80000000000000006965745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55ff369046526f52022-01-05 10:05:04.210root 11241100x80000000000000006965746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e9f77dd68025ec2022-01-05 10:05:04.210root 11241100x80000000000000006965747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57617ccfaa6ee8282022-01-05 10:05:04.210root 11241100x80000000000000006965748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7386a8f7df1760402022-01-05 10:05:04.210root 11241100x80000000000000006965749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04da77e847444f542022-01-05 10:05:04.210root 11241100x80000000000000006965750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3ea2c98dae527b2022-01-05 10:05:04.210root 11241100x80000000000000006965751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67b7d93e0a083522022-01-05 10:05:04.210root 11241100x80000000000000006965752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d20ba93b920ff662022-01-05 10:05:04.211root 11241100x80000000000000006965753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3a43e413fc225b2022-01-05 10:05:04.211root 11241100x80000000000000006965754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f202a9214bac2832022-01-05 10:05:04.211root 11241100x80000000000000006965755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7ca06a5e9a1e732022-01-05 10:05:04.211root 11241100x80000000000000006965756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21af57c2bc0013a42022-01-05 10:05:04.211root 11241100x80000000000000006965757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34e5684b925516e2022-01-05 10:05:04.211root 11241100x80000000000000006965758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932783c8ff885d9d2022-01-05 10:05:04.211root 11241100x80000000000000006965759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057e39081f2815842022-01-05 10:05:04.212root 11241100x80000000000000006965760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1435ad70aec46922022-01-05 10:05:04.212root 11241100x80000000000000006965761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a67f9617000e2272022-01-05 10:05:04.212root 11241100x80000000000000006965762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedbc67b1c3abc832022-01-05 10:05:04.212root 11241100x80000000000000006965763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb768719085a6b42022-01-05 10:05:04.212root 11241100x80000000000000006965764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822f24b84f38b6052022-01-05 10:05:04.212root 11241100x80000000000000006965765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c27061c377d97ed2022-01-05 10:05:04.213root 11241100x80000000000000006965766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626fb31bab4a1df12022-01-05 10:05:04.710root 11241100x80000000000000006965767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c8d1b82a9844de2022-01-05 10:05:04.710root 11241100x80000000000000006965768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f818578fd693e32022-01-05 10:05:04.710root 11241100x80000000000000006965769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b52a25f5a793cd2022-01-05 10:05:04.710root 11241100x80000000000000006965770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e74e19112f28fd2022-01-05 10:05:04.710root 11241100x80000000000000006965771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87f81db6d62df412022-01-05 10:05:04.711root 11241100x80000000000000006965772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ef1aa50ef12f532022-01-05 10:05:04.711root 11241100x80000000000000006965773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17ce213521c29d92022-01-05 10:05:04.711root 11241100x80000000000000006965774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee732c853d09446d2022-01-05 10:05:04.711root 11241100x80000000000000006965775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9d0af61f3546c72022-01-05 10:05:04.711root 11241100x80000000000000006965776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dac3eb27a6df462022-01-05 10:05:04.711root 11241100x80000000000000006965777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15246d799db146202022-01-05 10:05:04.711root 11241100x80000000000000006965778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f68ce0a26087e2d2022-01-05 10:05:04.711root 11241100x80000000000000006965779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aabbeb8a3620a562022-01-05 10:05:04.711root 11241100x80000000000000006965780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5160aed960f3fe302022-01-05 10:05:04.712root 11241100x80000000000000006965781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca1588e7216c5d82022-01-05 10:05:04.712root 11241100x80000000000000006965782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0073911c8d56982022-01-05 10:05:04.712root 11241100x80000000000000006965783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01132dfd926755182022-01-05 10:05:04.712root 11241100x80000000000000006965784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5f5fda3a74631d2022-01-05 10:05:04.712root 11241100x80000000000000006965785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d295885bcd8e3e2022-01-05 10:05:04.712root 11241100x80000000000000006965786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0ebfbd19517b462022-01-05 10:05:04.712root 11241100x80000000000000006965787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea51025d99bd29d2022-01-05 10:05:05.210root 11241100x80000000000000006965788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2851eda4c8c2129e2022-01-05 10:05:05.210root 11241100x80000000000000006965789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fe3f88cd0f32622022-01-05 10:05:05.210root 11241100x80000000000000006965790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a62d4439ec8cf6d2022-01-05 10:05:05.210root 11241100x80000000000000006965791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bce42110f1ee26f2022-01-05 10:05:05.210root 11241100x80000000000000006965792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8beb80699956102022-01-05 10:05:05.210root 11241100x80000000000000006965793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db2fcaee2fa8eb62022-01-05 10:05:05.210root 11241100x80000000000000006965794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff4a9c4805146eb2022-01-05 10:05:05.211root 11241100x80000000000000006965795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b557b0c24055f16e2022-01-05 10:05:05.211root 11241100x80000000000000006965796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f8e1ddd464e5422022-01-05 10:05:05.211root 11241100x80000000000000006965797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919551dece7eef062022-01-05 10:05:05.211root 11241100x80000000000000006965798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d739816985bd1ffa2022-01-05 10:05:05.211root 11241100x80000000000000006965799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21362d81695388012022-01-05 10:05:05.211root 11241100x80000000000000006965800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf981218bf458ed2022-01-05 10:05:05.211root 11241100x80000000000000006965801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7752436521b4b3bc2022-01-05 10:05:05.211root 11241100x80000000000000006965802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e2bb640d5b140f2022-01-05 10:05:05.211root 11241100x80000000000000006965803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1454f1f5e4e08852022-01-05 10:05:05.212root 11241100x80000000000000006965804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def6feb3241a1e4e2022-01-05 10:05:05.212root 11241100x80000000000000006965805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2bf39d45a367e62022-01-05 10:05:05.212root 11241100x80000000000000006965806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd594c99974d30632022-01-05 10:05:05.212root 11241100x80000000000000006965807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f459bcd7862d30b2022-01-05 10:05:05.212root 11241100x80000000000000006965808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828ae8ace62fa6472022-01-05 10:05:05.212root 11241100x80000000000000006965809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b823c878777f3652022-01-05 10:05:05.710root 11241100x80000000000000006965810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfb87243848c8362022-01-05 10:05:05.710root 11241100x80000000000000006965811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53580a6d4a1c192e2022-01-05 10:05:05.710root 11241100x80000000000000006965812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a626fcc977d5266b2022-01-05 10:05:05.710root 11241100x80000000000000006965813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d7a19a829a8d4b2022-01-05 10:05:05.710root 11241100x80000000000000006965814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774d0e7147da3e832022-01-05 10:05:05.710root 11241100x80000000000000006965815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112f55d7f3ac52d92022-01-05 10:05:05.710root 11241100x80000000000000006965816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f673dc854618e32022-01-05 10:05:05.710root 11241100x80000000000000006965817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83155901191940b72022-01-05 10:05:05.711root 11241100x80000000000000006965818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd0775ded3ee4a52022-01-05 10:05:05.711root 11241100x80000000000000006965819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e597da9b175283f02022-01-05 10:05:05.711root 11241100x80000000000000006965820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113cc51a0081cae52022-01-05 10:05:05.711root 11241100x80000000000000006965821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a07c71e7de94a952022-01-05 10:05:05.711root 11241100x80000000000000006965822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7bf51e7f2551822022-01-05 10:05:05.711root 11241100x80000000000000006965823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b5ae95183c19d82022-01-05 10:05:05.711root 11241100x80000000000000006965824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb92eb3be8566822022-01-05 10:05:05.711root 11241100x80000000000000006965825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8516dc1ef1a7c502022-01-05 10:05:05.711root 11241100x80000000000000006965826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf518a139f7f42762022-01-05 10:05:05.711root 11241100x80000000000000006965827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150aec7615b293392022-01-05 10:05:05.711root 11241100x80000000000000006965828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51566ef0678d6932022-01-05 10:05:05.712root 11241100x80000000000000006965829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cbdc7e7d1ea2fb2022-01-05 10:05:05.712root 154100x80000000000000006965830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.883{ec2e79f3-6d51-61d5-c00f-6551f2550000}23013/home/ubuntu/doas/doas-----./doas -C /etc/doas.conf/home/ubuntu/doasubuntu{ec2e79f3-5fe4-61d5-e803-000000000000}100058no level-{ec2e79f3-5fe4-61d5-08b4-fae256550000}17361/bin/bash-bashubuntu 534500x80000000000000006965831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:05.885{ec2e79f3-6d51-61d5-c00f-6551f2550000}23013/home/ubuntu/doas/doasubuntu 354300x80000000000000006965832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.141{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41772-false10.0.1.12-8000- 11241100x80000000000000006965833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.141{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82366f46cf60e692022-01-05 10:05:06.141root 11241100x80000000000000006965834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.141{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adc584c33b81ccb2022-01-05 10:05:06.141root 11241100x80000000000000006965835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.142{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb05ab2bc3d36cdd2022-01-05 10:05:06.142root 11241100x80000000000000006965836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.142{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56110fd63d3068a12022-01-05 10:05:06.142root 11241100x80000000000000006965837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.142{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a84fed61448adbc2022-01-05 10:05:06.142root 11241100x80000000000000006965838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.142{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c431b147d023a432022-01-05 10:05:06.142root 11241100x80000000000000006965839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.142{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9059a7fb01d6e02022-01-05 10:05:06.142root 11241100x80000000000000006965840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.142{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d6ce4bee3c4d542022-01-05 10:05:06.142root 11241100x80000000000000006965841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.142{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954966cc4cfa0f212022-01-05 10:05:06.142root 11241100x80000000000000006965842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.142{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8286102eaedf25082022-01-05 10:05:06.142root 11241100x80000000000000006965843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.142{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de55c98223f2adb2022-01-05 10:05:06.142root 11241100x80000000000000006965844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.143{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b841f0024fed18c82022-01-05 10:05:06.143root 11241100x80000000000000006965845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.143{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280e0afdbc5008e92022-01-05 10:05:06.143root 11241100x80000000000000006965846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.143{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304f7d54d5ccf92f2022-01-05 10:05:06.143root 11241100x80000000000000006965847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.143{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595c3a9a9fe857c72022-01-05 10:05:06.143root 11241100x80000000000000006965848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.143{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce8fdb4965224062022-01-05 10:05:06.143root 11241100x80000000000000006965849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.143{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f093049ba5ff522022-01-05 10:05:06.143root 11241100x80000000000000006965850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.144{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad16ddf8f09b7ac2022-01-05 10:05:06.144root 11241100x80000000000000006965851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.144{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4f7d947d10c7a72022-01-05 10:05:06.144root 11241100x80000000000000006965852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.144{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe955cee4532fbe82022-01-05 10:05:06.144root 11241100x80000000000000006965853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.144{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda8992f93aa65a72022-01-05 10:05:06.144root 11241100x80000000000000006965854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.145{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8184d62d3961b12022-01-05 10:05:06.145root 11241100x80000000000000006965855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.145{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f3dc07759528a72022-01-05 10:05:06.145root 11241100x80000000000000006965856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.145{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea7b736353a79602022-01-05 10:05:06.145root 11241100x80000000000000006965857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.145{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1752af197a0fe1282022-01-05 10:05:06.145root 11241100x80000000000000006965858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.145{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9f8a9ece1173442022-01-05 10:05:06.145root 11241100x80000000000000006965859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.145{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1e99d7f606631c2022-01-05 10:05:06.145root 11241100x80000000000000006965860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d86fcc635f6b7d2022-01-05 10:05:06.146root 11241100x80000000000000006965861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559b26c57edaf9bd2022-01-05 10:05:06.146root 11241100x80000000000000006965862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69600d1b3a8239e22022-01-05 10:05:06.146root 11241100x80000000000000006965863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd16b4e55b23a412022-01-05 10:05:06.146root 11241100x80000000000000006965864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3b44cc9be04e242022-01-05 10:05:06.146root 11241100x80000000000000006965865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2330ed196b891ed62022-01-05 10:05:06.146root 11241100x80000000000000006965866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df21b3ef5655e932022-01-05 10:05:06.147root 11241100x80000000000000006965867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1f28c777c5151c2022-01-05 10:05:06.147root 11241100x80000000000000006965868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc7e675d2ad58842022-01-05 10:05:06.147root 11241100x80000000000000006965869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a739e8150c928a82022-01-05 10:05:06.147root 11241100x80000000000000006965870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8449692df0868512022-01-05 10:05:06.147root 11241100x80000000000000006965871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5799fdb4648ad52022-01-05 10:05:06.460root 11241100x80000000000000006965872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a410606b6b725dc52022-01-05 10:05:06.460root 11241100x80000000000000006965873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907ed66976d99bf82022-01-05 10:05:06.460root 11241100x80000000000000006965874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b1db8307ffd40c2022-01-05 10:05:06.460root 11241100x80000000000000006965875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ae4c193116468d2022-01-05 10:05:06.461root 11241100x80000000000000006965876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964573eb723e25bd2022-01-05 10:05:06.461root 11241100x80000000000000006965877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164cb82f04ccce332022-01-05 10:05:06.461root 11241100x80000000000000006965878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6108c0869d17242022-01-05 10:05:06.461root 11241100x80000000000000006965879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93c750708fabf092022-01-05 10:05:06.462root 11241100x80000000000000006965880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58c58fd7afb3e822022-01-05 10:05:06.462root 11241100x80000000000000006965881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f93305b77247272022-01-05 10:05:06.462root 11241100x80000000000000006965882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7467363330c643c12022-01-05 10:05:06.462root 11241100x80000000000000006965883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c3c1d97e8f8c2b2022-01-05 10:05:06.462root 11241100x80000000000000006965884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7409e42275888ea42022-01-05 10:05:06.463root 11241100x80000000000000006965885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e91e3e02b40346c2022-01-05 10:05:06.463root 11241100x80000000000000006965886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a212ca737f818f2022-01-05 10:05:06.464root 11241100x80000000000000006965887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8908d71d8153342022-01-05 10:05:06.464root 11241100x80000000000000006965888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1142a3e2454d3ce42022-01-05 10:05:06.465root 11241100x80000000000000006965889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288c7d0bcc6d5a152022-01-05 10:05:06.465root 11241100x80000000000000006965890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1d86cbcb14375a2022-01-05 10:05:06.465root 11241100x80000000000000006965891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec2f0b6c26917502022-01-05 10:05:06.465root 11241100x80000000000000006965892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650757ed039a4e832022-01-05 10:05:06.466root 11241100x80000000000000006965893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954c769a421a622a2022-01-05 10:05:06.466root 11241100x80000000000000006965894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed02b54028d5e702022-01-05 10:05:06.466root 11241100x80000000000000006965895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea26278da89e21e2022-01-05 10:05:06.959root 11241100x80000000000000006965896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b106ec2e2976026c2022-01-05 10:05:06.960root 11241100x80000000000000006965897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ffa90eb14073f52022-01-05 10:05:06.960root 11241100x80000000000000006965898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3288f528c3a4199c2022-01-05 10:05:06.960root 11241100x80000000000000006965899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce270b29d2cef7a2022-01-05 10:05:06.960root 11241100x80000000000000006965900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420e1139408345e12022-01-05 10:05:06.960root 11241100x80000000000000006965901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b720bda698db092022-01-05 10:05:06.961root 11241100x80000000000000006965902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62c1ce9f5dd0d4c2022-01-05 10:05:06.961root 11241100x80000000000000006965903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbf39b69c4e5b962022-01-05 10:05:06.961root 11241100x80000000000000006965904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c573166668441a1b2022-01-05 10:05:06.961root 11241100x80000000000000006965905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbddde1d1184bec2022-01-05 10:05:06.961root 11241100x80000000000000006965906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe770eba72a58b742022-01-05 10:05:06.961root 11241100x80000000000000006965907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b8619f1c7969002022-01-05 10:05:06.961root 11241100x80000000000000006965908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fac9f02c03ce972022-01-05 10:05:06.961root 11241100x80000000000000006965909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13308cda238ef5312022-01-05 10:05:06.961root 11241100x80000000000000006965910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e33cf9ddbe8c9f2022-01-05 10:05:06.961root 11241100x80000000000000006965911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fcbfffb8a8453e2022-01-05 10:05:06.962root 11241100x80000000000000006965912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba5af6cc601af8c2022-01-05 10:05:06.962root 11241100x80000000000000006965913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea39c460712b55782022-01-05 10:05:06.962root 11241100x80000000000000006965914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a106edd601d8ed2022-01-05 10:05:06.962root 11241100x80000000000000006965915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85067c2aad35abea2022-01-05 10:05:06.962root 11241100x80000000000000006965916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e07d97991fa3c612022-01-05 10:05:06.962root 11241100x80000000000000006965917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044d84259a11351c2022-01-05 10:05:06.962root 11241100x80000000000000006965918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c1910221b617be2022-01-05 10:05:06.962root 11241100x80000000000000006965919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09e90c383d619d82022-01-05 10:05:07.459root 11241100x80000000000000006965920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062a9c335134f2212022-01-05 10:05:07.459root 11241100x80000000000000006965921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f74110d1c9a47292022-01-05 10:05:07.459root 11241100x80000000000000006965922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01fb34e582b335a2022-01-05 10:05:07.459root 11241100x80000000000000006965923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58862e394416da382022-01-05 10:05:07.460root 11241100x80000000000000006965924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b0e27a6a9b63252022-01-05 10:05:07.460root 11241100x80000000000000006965925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b009ff53b1e70cd62022-01-05 10:05:07.460root 11241100x80000000000000006965926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f2fa4ef822442a2022-01-05 10:05:07.460root 11241100x80000000000000006965927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e56e3ac61c590672022-01-05 10:05:07.460root 11241100x80000000000000006965928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33b32230c1a40402022-01-05 10:05:07.461root 11241100x80000000000000006965929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fd617784e9144e2022-01-05 10:05:07.461root 11241100x80000000000000006965930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f64e37f16206652022-01-05 10:05:07.461root 11241100x80000000000000006965931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a70a4067eb9b352022-01-05 10:05:07.461root 11241100x80000000000000006965932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea7bf619c106f5c2022-01-05 10:05:07.461root 11241100x80000000000000006965933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e90ec698e41cf932022-01-05 10:05:07.462root 11241100x80000000000000006965934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4269622731371ca52022-01-05 10:05:07.462root 11241100x80000000000000006965935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817adb2d06b2e1162022-01-05 10:05:07.462root 11241100x80000000000000006965936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fe20352558f2a52022-01-05 10:05:07.462root 11241100x80000000000000006965937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45000886daeffd62022-01-05 10:05:07.462root 11241100x80000000000000006965938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ff11e6686d9b322022-01-05 10:05:07.462root 11241100x80000000000000006965939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d6a4e9c11249642022-01-05 10:05:07.462root 11241100x80000000000000006965940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271cd7da6df047532022-01-05 10:05:07.462root 11241100x80000000000000006965941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef23a4b895b8ad212022-01-05 10:05:07.462root 11241100x80000000000000006965942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b639608f36fc2a012022-01-05 10:05:07.462root 11241100x80000000000000006965943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29262318623f7f42022-01-05 10:05:07.463root 11241100x80000000000000006965944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe3bec0ebdaffcf2022-01-05 10:05:07.960root 11241100x80000000000000006965945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6896ec305149b232022-01-05 10:05:07.960root 11241100x80000000000000006965946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790fbdf65355f67e2022-01-05 10:05:07.960root 11241100x80000000000000006965947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1130d492565144d12022-01-05 10:05:07.960root 11241100x80000000000000006965948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65e690a82efa8712022-01-05 10:05:07.960root 11241100x80000000000000006965949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9053eb7bfe7e60072022-01-05 10:05:07.960root 11241100x80000000000000006965950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b5e39d86e745432022-01-05 10:05:07.960root 11241100x80000000000000006965951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac45ce906ecb56622022-01-05 10:05:07.960root 11241100x80000000000000006965952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e222179dc4ebe87b2022-01-05 10:05:07.960root 11241100x80000000000000006965953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e25e4d15be818e2022-01-05 10:05:07.961root 11241100x80000000000000006965954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0c903df3c0f0b12022-01-05 10:05:07.961root 11241100x80000000000000006965955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261ebafdf266c83f2022-01-05 10:05:07.961root 11241100x80000000000000006965956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bfa452e51edc9e2022-01-05 10:05:07.961root 11241100x80000000000000006965957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fc54f8f8902f0c2022-01-05 10:05:07.961root 11241100x80000000000000006965958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19e690a91fa9a552022-01-05 10:05:07.961root 11241100x80000000000000006965959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b3b522163c52122022-01-05 10:05:07.961root 11241100x80000000000000006965960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a70c21d7c794a12022-01-05 10:05:07.961root 11241100x80000000000000006965961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a53f89f4c0a3f462022-01-05 10:05:07.962root 11241100x80000000000000006965962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c1ae454312ecaf2022-01-05 10:05:07.962root 11241100x80000000000000006965963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b76088f371d1782022-01-05 10:05:07.962root 11241100x80000000000000006965964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38943416c7468a122022-01-05 10:05:07.962root 11241100x80000000000000006965965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452ceccd1830db202022-01-05 10:05:07.962root 11241100x80000000000000006965966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d05ba1e4785ee782022-01-05 10:05:07.962root 11241100x80000000000000006965967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17b19aa036b2f3f2022-01-05 10:05:07.962root 11241100x80000000000000006965968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe12b6d16a55ec392022-01-05 10:05:08.460root 11241100x80000000000000006965969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de2aa4cfe6a35412022-01-05 10:05:08.460root 11241100x80000000000000006965970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120b4c43276184682022-01-05 10:05:08.460root 11241100x80000000000000006965971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cddcfd692127b52022-01-05 10:05:08.460root 11241100x80000000000000006965972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7d9715af279fbe2022-01-05 10:05:08.460root 11241100x80000000000000006965973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d9e71a03d8ac662022-01-05 10:05:08.460root 11241100x80000000000000006965974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a0ad86bebf4bf52022-01-05 10:05:08.460root 11241100x80000000000000006965975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767758ebba9086832022-01-05 10:05:08.460root 11241100x80000000000000006965976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f361cc3b77f2b52022-01-05 10:05:08.460root 11241100x80000000000000006965977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9978732029bc7c142022-01-05 10:05:08.461root 11241100x80000000000000006965978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f595a2e17a3f9a552022-01-05 10:05:08.461root 11241100x80000000000000006965979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da36335febdac3b2022-01-05 10:05:08.461root 11241100x80000000000000006965980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3c453c8ba27c562022-01-05 10:05:08.461root 11241100x80000000000000006965981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a951ab12d56bdf2022-01-05 10:05:08.461root 11241100x80000000000000006965982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1999b6bba4bfee502022-01-05 10:05:08.461root 11241100x80000000000000006965983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b062fb79f36e1b32022-01-05 10:05:08.461root 11241100x80000000000000006965984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78c06e6e876c7022022-01-05 10:05:08.461root 11241100x80000000000000006965985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2135872bc4af0922022-01-05 10:05:08.461root 11241100x80000000000000006965986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061ff99f7fefa59a2022-01-05 10:05:08.461root 11241100x80000000000000006965987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6d94617eea63072022-01-05 10:05:08.462root 11241100x80000000000000006965988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da13977c3c9e744f2022-01-05 10:05:08.462root 11241100x80000000000000006965989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acb5336dc9ee77e2022-01-05 10:05:08.462root 11241100x80000000000000006965990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea2a7f190c9d4f52022-01-05 10:05:08.462root 11241100x80000000000000006965991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bd499285ec39652022-01-05 10:05:08.462root 11241100x80000000000000006965992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf0cece03a0c3842022-01-05 10:05:08.959root 11241100x80000000000000006965993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5087ed80f73e852022-01-05 10:05:08.959root 11241100x80000000000000006965994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b20395da908d932022-01-05 10:05:08.959root 11241100x80000000000000006965995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341008185441ad232022-01-05 10:05:08.960root 11241100x80000000000000006965996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c12b42d0a7075232022-01-05 10:05:08.960root 11241100x80000000000000006965997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6ff1007432a34e2022-01-05 10:05:08.960root 11241100x80000000000000006965998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1f086f1212c0962022-01-05 10:05:08.960root 11241100x80000000000000006965999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00948fe84588d21f2022-01-05 10:05:08.960root 11241100x80000000000000006966000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921a7a4bbb299b4b2022-01-05 10:05:08.960root 11241100x80000000000000006966001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfa01e4e33b0ea12022-01-05 10:05:08.960root 11241100x80000000000000006966002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db4a7885e58ae462022-01-05 10:05:08.960root 11241100x80000000000000006966003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dafe630e830b9f2022-01-05 10:05:08.960root 11241100x80000000000000006966004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21883ed2a140bf0e2022-01-05 10:05:08.961root 11241100x80000000000000006966005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7e31f94537191c2022-01-05 10:05:08.961root 11241100x80000000000000006966006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf50e530c39e9c72022-01-05 10:05:08.961root 11241100x80000000000000006966007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38adc4996dff3412022-01-05 10:05:08.961root 11241100x80000000000000006966008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdeefe6edfd8ea782022-01-05 10:05:08.961root 11241100x80000000000000006966009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c30877ec4d7fd2d2022-01-05 10:05:08.961root 11241100x80000000000000006966010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72ad052654772942022-01-05 10:05:08.962root 11241100x80000000000000006966011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562a7025f7e4e35b2022-01-05 10:05:08.962root 11241100x80000000000000006966012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1ed4239aea02292022-01-05 10:05:08.962root 11241100x80000000000000006966013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effc0109e107a42a2022-01-05 10:05:08.962root 11241100x80000000000000006966014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c56c039415797482022-01-05 10:05:08.962root 11241100x80000000000000006966015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdaa76c9dcb76042022-01-05 10:05:08.962root 11241100x80000000000000006966016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413255f742159a8b2022-01-05 10:05:09.460root 11241100x80000000000000006966017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082cc982edc4d1e82022-01-05 10:05:09.460root 11241100x80000000000000006966018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d60c8c3027db6f2022-01-05 10:05:09.460root 11241100x80000000000000006966019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15eb6fdfd701a542022-01-05 10:05:09.460root 11241100x80000000000000006966020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfc43f4c02648ff2022-01-05 10:05:09.460root 11241100x80000000000000006966021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b3b89ab9b079132022-01-05 10:05:09.461root 11241100x80000000000000006966022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54372316446ce8a32022-01-05 10:05:09.461root 11241100x80000000000000006966023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f546361e1c015db2022-01-05 10:05:09.461root 11241100x80000000000000006966024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25865c613c8a40992022-01-05 10:05:09.461root 11241100x80000000000000006966025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74853419e67f6742022-01-05 10:05:09.461root 11241100x80000000000000006966026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47d443fd23617762022-01-05 10:05:09.461root 11241100x80000000000000006966027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7ed7d3d81f9a872022-01-05 10:05:09.461root 11241100x80000000000000006966028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7a7b20946b737f2022-01-05 10:05:09.462root 11241100x80000000000000006966029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b201142a242b9752022-01-05 10:05:09.462root 11241100x80000000000000006966030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d38aa271805aa172022-01-05 10:05:09.462root 11241100x80000000000000006966031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5158ba498cfe442022-01-05 10:05:09.463root 11241100x80000000000000006966032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d853ead61d95a552022-01-05 10:05:09.463root 11241100x80000000000000006966033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4127035b40ac53d2022-01-05 10:05:09.463root 11241100x80000000000000006966034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde76201005f90f42022-01-05 10:05:09.463root 11241100x80000000000000006966035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70586b71bd48bb02022-01-05 10:05:09.463root 11241100x80000000000000006966036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabee3262648543e2022-01-05 10:05:09.463root 11241100x80000000000000006966037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5363d5abbe5d98b2022-01-05 10:05:09.464root 11241100x80000000000000006966038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774f71aed0ee04e72022-01-05 10:05:09.464root 11241100x80000000000000006966039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3f5618787f25222022-01-05 10:05:09.464root 11241100x80000000000000006966040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463c7c27546cb2a82022-01-05 10:05:09.959root 11241100x80000000000000006966041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619b1b7e3704bd312022-01-05 10:05:09.959root 11241100x80000000000000006966042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d1592f6f94f00a2022-01-05 10:05:09.960root 11241100x80000000000000006966043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339efd95170644a12022-01-05 10:05:09.960root 11241100x80000000000000006966044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d604c29e2dd30f0e2022-01-05 10:05:09.960root 11241100x80000000000000006966045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28254b8baab75d702022-01-05 10:05:09.960root 11241100x80000000000000006966046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad605a2958d965762022-01-05 10:05:09.960root 11241100x80000000000000006966047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7c0b17620f9da42022-01-05 10:05:09.960root 11241100x80000000000000006966048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f3d5e4416c54372022-01-05 10:05:09.960root 11241100x80000000000000006966049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a585f6d8a62912752022-01-05 10:05:09.961root 11241100x80000000000000006966050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebbfc60829788542022-01-05 10:05:09.961root 11241100x80000000000000006966051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2b65daf9714f442022-01-05 10:05:09.961root 11241100x80000000000000006966052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1698fc0a3e5f12a52022-01-05 10:05:09.961root 11241100x80000000000000006966053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62924e5136aa083f2022-01-05 10:05:09.961root 11241100x80000000000000006966054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec61cd9ad725b21e2022-01-05 10:05:09.961root 11241100x80000000000000006966055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4f7f514a2a04492022-01-05 10:05:09.961root 11241100x80000000000000006966056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc58869f7128d4d92022-01-05 10:05:09.962root 11241100x80000000000000006966057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76067ba2b4decaa2022-01-05 10:05:09.962root 11241100x80000000000000006966058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6b04b84c4a66512022-01-05 10:05:09.962root 11241100x80000000000000006966059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd71a8c1fdc9c912022-01-05 10:05:09.962root 11241100x80000000000000006966060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965c0c2438ef74582022-01-05 10:05:09.962root 11241100x80000000000000006966061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e93eb918bcca7a92022-01-05 10:05:09.962root 11241100x80000000000000006966062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd885bd127f1d11b2022-01-05 10:05:09.962root 11241100x80000000000000006966063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da768ebab2b1d3242022-01-05 10:05:09.962root 11241100x80000000000000006966064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fefa20b1b886cfb2022-01-05 10:05:09.962root 11241100x80000000000000006966065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbd65ed2d9723a22022-01-05 10:05:09.963root 11241100x80000000000000006966066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a2a85f44cd2a942022-01-05 10:05:09.963root 11241100x80000000000000006966067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9e257a397485392022-01-05 10:05:09.963root 11241100x80000000000000006966068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a230f246c3e832462022-01-05 10:05:09.963root 11241100x80000000000000006966069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b1257358fe2eef2022-01-05 10:05:10.460root 11241100x80000000000000006966070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82bb12d85bd3a392022-01-05 10:05:10.460root 11241100x80000000000000006966071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3c690b9a3a7e902022-01-05 10:05:10.460root 11241100x80000000000000006966072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101fcbfcdf974f3e2022-01-05 10:05:10.460root 11241100x80000000000000006966073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1dba6ed2db80132022-01-05 10:05:10.460root 11241100x80000000000000006966074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c310f5b5d70ffbe2022-01-05 10:05:10.460root 11241100x80000000000000006966075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09edfa703411f1622022-01-05 10:05:10.461root 11241100x80000000000000006966076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abf324dee4e54502022-01-05 10:05:10.461root 11241100x80000000000000006966077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bfc01ca5ece01c2022-01-05 10:05:10.461root 11241100x80000000000000006966078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b18c29c07ed7d702022-01-05 10:05:10.461root 11241100x80000000000000006966079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81eb9b8103e43a692022-01-05 10:05:10.462root 11241100x80000000000000006966080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf9674b7f0084d32022-01-05 10:05:10.462root 11241100x80000000000000006966081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2c7bdafba236ed2022-01-05 10:05:10.462root 11241100x80000000000000006966082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab5ac79ff3a609c2022-01-05 10:05:10.462root 11241100x80000000000000006966083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736522eeaf6ecf242022-01-05 10:05:10.462root 11241100x80000000000000006966084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd4367c99f54b282022-01-05 10:05:10.462root 11241100x80000000000000006966085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a03e17987d13cdc2022-01-05 10:05:10.462root 11241100x80000000000000006966086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846dc29bad8e83922022-01-05 10:05:10.462root 11241100x80000000000000006966087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226a473b9f25603b2022-01-05 10:05:10.463root 11241100x80000000000000006966088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc166dca452d6a22022-01-05 10:05:10.463root 11241100x80000000000000006966089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39989931bfa174e92022-01-05 10:05:10.463root 11241100x80000000000000006966090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db89ccedb8a91292022-01-05 10:05:10.463root 11241100x80000000000000006966091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafd499d60965e672022-01-05 10:05:10.463root 11241100x80000000000000006966092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1eee35cafe477892022-01-05 10:05:10.463root 11241100x80000000000000006966093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0ff93c4982e8672022-01-05 10:05:10.959root 11241100x80000000000000006966094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6982e49cc19488a52022-01-05 10:05:10.959root 11241100x80000000000000006966095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535e94c0a45b0d0d2022-01-05 10:05:10.959root 11241100x80000000000000006966096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27c9b9cd0e09ee22022-01-05 10:05:10.960root 11241100x80000000000000006966097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd0c1585ae376e52022-01-05 10:05:10.960root 11241100x80000000000000006966098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7773ea63c33e422022-01-05 10:05:10.960root 11241100x80000000000000006966099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8dd725807909862022-01-05 10:05:10.960root 11241100x80000000000000006966100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ac57ddc96dfb492022-01-05 10:05:10.960root 11241100x80000000000000006966101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9abb43dc7b9e5c2022-01-05 10:05:10.960root 11241100x80000000000000006966102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c87ff78903d36102022-01-05 10:05:10.960root 11241100x80000000000000006966103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce1b62a0f063fa22022-01-05 10:05:10.960root 11241100x80000000000000006966104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37817c7f56285112022-01-05 10:05:10.961root 11241100x80000000000000006966105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fe8d56304c0ce32022-01-05 10:05:10.961root 11241100x80000000000000006966106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c14b3bb766002b32022-01-05 10:05:10.961root 11241100x80000000000000006966107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2cc1a7602a1c242022-01-05 10:05:10.961root 11241100x80000000000000006966108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92de4e6f3f8314cd2022-01-05 10:05:10.961root 11241100x80000000000000006966109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fe5ff80f84fcbc2022-01-05 10:05:10.961root 11241100x80000000000000006966110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068afac1b53771b62022-01-05 10:05:10.961root 11241100x80000000000000006966111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7615c0c77826e82022-01-05 10:05:10.961root 11241100x80000000000000006966112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7436d32445a8d42022-01-05 10:05:10.962root 11241100x80000000000000006966113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffc4a725efaca8f2022-01-05 10:05:10.962root 11241100x80000000000000006966114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da83a1a568d1a052022-01-05 10:05:10.962root 11241100x80000000000000006966115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14635b711dbef612022-01-05 10:05:10.962root 11241100x80000000000000006966116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508c3ab816ce39da2022-01-05 10:05:10.962root 11241100x80000000000000006966117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df77d9419b6876552022-01-05 10:05:10.962root 11241100x80000000000000006966118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9456187ceb822b122022-01-05 10:05:10.962root 11241100x80000000000000006966119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c01d34f182c90042022-01-05 10:05:10.962root 11241100x80000000000000006966120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8888a4088e52aeb62022-01-05 10:05:10.963root 354300x80000000000000006966121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.156{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41774-false10.0.1.12-8000- 11241100x80000000000000006966122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a70ab11049e94b2022-01-05 10:05:11.459root 11241100x80000000000000006966123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d489f9de29e86ad22022-01-05 10:05:11.459root 11241100x80000000000000006966124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414efbd0799183f12022-01-05 10:05:11.460root 11241100x80000000000000006966125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0b3bf8f14470752022-01-05 10:05:11.460root 11241100x80000000000000006966126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80e07684c62bbe52022-01-05 10:05:11.460root 11241100x80000000000000006966127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985316bd87a3aa4f2022-01-05 10:05:11.460root 11241100x80000000000000006966128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a93ce23492b9c32022-01-05 10:05:11.460root 11241100x80000000000000006966129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4f5b4076d8359c2022-01-05 10:05:11.460root 11241100x80000000000000006966130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181725b6c0d53b992022-01-05 10:05:11.460root 11241100x80000000000000006966131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96016d53bb22eb6e2022-01-05 10:05:11.460root 11241100x80000000000000006966132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dcfe19fe9b27942022-01-05 10:05:11.461root 11241100x80000000000000006966133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f524d5939e0ba012022-01-05 10:05:11.461root 11241100x80000000000000006966134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5a55cdad2dd5ec2022-01-05 10:05:11.461root 11241100x80000000000000006966135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abfaae301266cde2022-01-05 10:05:11.462root 11241100x80000000000000006966136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d869a8ab96e1762022-01-05 10:05:11.462root 11241100x80000000000000006966137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961c08b7ba7b37862022-01-05 10:05:11.462root 11241100x80000000000000006966138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb50c14c2c4181da2022-01-05 10:05:11.462root 11241100x80000000000000006966139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bee7ae74fb9b7d2022-01-05 10:05:11.462root 11241100x80000000000000006966140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d8d3cf4fa885912022-01-05 10:05:11.462root 11241100x80000000000000006966141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eac987971dc00de2022-01-05 10:05:11.462root 11241100x80000000000000006966142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbc5dcc2a65a49f2022-01-05 10:05:11.462root 11241100x80000000000000006966143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdccd9458cc3f642022-01-05 10:05:11.462root 11241100x80000000000000006966144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163786a4c2d142572022-01-05 10:05:11.463root 11241100x80000000000000006966145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e16d521beda276b2022-01-05 10:05:11.463root 11241100x80000000000000006966146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519a1bcbe55387242022-01-05 10:05:11.463root 11241100x80000000000000006966147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04209aecba3dd0d52022-01-05 10:05:11.463root 11241100x80000000000000006966148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb8565ac5db78da2022-01-05 10:05:11.959root 11241100x80000000000000006966149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4a1d1913a34f902022-01-05 10:05:11.960root 11241100x80000000000000006966150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ac66ff000653052022-01-05 10:05:11.960root 11241100x80000000000000006966151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4335ee813ad2c8162022-01-05 10:05:11.960root 11241100x80000000000000006966152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9e75c2408a59a12022-01-05 10:05:11.960root 11241100x80000000000000006966153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62ab3706bec1e8d2022-01-05 10:05:11.960root 11241100x80000000000000006966154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28893a3856425bb32022-01-05 10:05:11.960root 11241100x80000000000000006966155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84aac1acd8144cc52022-01-05 10:05:11.961root 11241100x80000000000000006966156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2059fe1339eb88902022-01-05 10:05:11.961root 11241100x80000000000000006966157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7683bcaf0338b642022-01-05 10:05:11.961root 11241100x80000000000000006966158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ee1eec2d0b4ea52022-01-05 10:05:11.961root 11241100x80000000000000006966159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b71f8a85c384392022-01-05 10:05:11.961root 11241100x80000000000000006966160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47791798eb8c22e2022-01-05 10:05:11.961root 11241100x80000000000000006966161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913df4567c7b00d42022-01-05 10:05:11.962root 11241100x80000000000000006966162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb994e9b208109862022-01-05 10:05:11.962root 11241100x80000000000000006966163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585ca21998af72ca2022-01-05 10:05:11.962root 11241100x80000000000000006966164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c81ed683f6da8c62022-01-05 10:05:11.962root 11241100x80000000000000006966165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54015e493aea44042022-01-05 10:05:11.962root 11241100x80000000000000006966166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ff92ac29fcad602022-01-05 10:05:11.962root 11241100x80000000000000006966167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710735143ab0eaab2022-01-05 10:05:11.962root 11241100x80000000000000006966168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8720192b76fe5b2022-01-05 10:05:11.963root 11241100x80000000000000006966169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d3af78ba78629d2022-01-05 10:05:11.963root 11241100x80000000000000006966170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684048d6fcf47eb82022-01-05 10:05:11.963root 11241100x80000000000000006966171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29ec78515cc78042022-01-05 10:05:11.963root 11241100x80000000000000006966172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:11.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d5b19ecce6a8d72022-01-05 10:05:11.963root 11241100x80000000000000006966173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4112e518282fc1752022-01-05 10:05:12.459root 11241100x80000000000000006966174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1746f40b5b236bae2022-01-05 10:05:12.460root 11241100x80000000000000006966175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b711ea8b980d1b6f2022-01-05 10:05:12.460root 11241100x80000000000000006966176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350944099d8777432022-01-05 10:05:12.460root 11241100x80000000000000006966177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad72fe3893161812022-01-05 10:05:12.460root 11241100x80000000000000006966178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b775753b477084e32022-01-05 10:05:12.460root 11241100x80000000000000006966179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fcd47a44e935652022-01-05 10:05:12.460root 11241100x80000000000000006966180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc540cc321dfbf32022-01-05 10:05:12.460root 11241100x80000000000000006966181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adf10c783fa34752022-01-05 10:05:12.460root 11241100x80000000000000006966182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cac4ed048d61f92022-01-05 10:05:12.460root 11241100x80000000000000006966183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc858ba54ba30f7a2022-01-05 10:05:12.460root 11241100x80000000000000006966184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e16586511fbed82022-01-05 10:05:12.460root 11241100x80000000000000006966185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1b888bc0bb33302022-01-05 10:05:12.461root 11241100x80000000000000006966186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69689d5ea95026e22022-01-05 10:05:12.461root 11241100x80000000000000006966187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a33c06f4675c9812022-01-05 10:05:12.461root 11241100x80000000000000006966188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0742de8c9bd470a52022-01-05 10:05:12.461root 11241100x80000000000000006966189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f68658083e2aa72022-01-05 10:05:12.461root 11241100x80000000000000006966190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debb8397cc0baca42022-01-05 10:05:12.461root 11241100x80000000000000006966191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b717a924f124e52022-01-05 10:05:12.461root 11241100x80000000000000006966192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceb1a5f2668063d2022-01-05 10:05:12.461root 11241100x80000000000000006966193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b07282bf5be11822022-01-05 10:05:12.461root 11241100x80000000000000006966194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fce09f178e2b932022-01-05 10:05:12.462root 11241100x80000000000000006966195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b48ed374ee0e8d22022-01-05 10:05:12.462root 11241100x80000000000000006966196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2019fd6920a186f12022-01-05 10:05:12.462root 11241100x80000000000000006966197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e7ab38042aa02f2022-01-05 10:05:12.462root 11241100x80000000000000006966198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2570a79a7ded3c372022-01-05 10:05:12.959root 11241100x80000000000000006966199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd270cb4be220a02022-01-05 10:05:12.959root 11241100x80000000000000006966200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6ce2230176257e2022-01-05 10:05:12.959root 11241100x80000000000000006966201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e8ea6283df20832022-01-05 10:05:12.960root 11241100x80000000000000006966202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb369e9d18f0701e2022-01-05 10:05:12.960root 11241100x80000000000000006966203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cda37fe1fecd782022-01-05 10:05:12.960root 11241100x80000000000000006966204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7194a85e43f10c7b2022-01-05 10:05:12.960root 11241100x80000000000000006966205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36c6d8cd5ab4f612022-01-05 10:05:12.960root 11241100x80000000000000006966206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884fd118b9c5ebb72022-01-05 10:05:12.960root 11241100x80000000000000006966207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d586d8aada1706842022-01-05 10:05:12.960root 11241100x80000000000000006966208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16647dcd0f98ccf02022-01-05 10:05:12.961root 11241100x80000000000000006966209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7273ee248d61082022-01-05 10:05:12.961root 11241100x80000000000000006966210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e91a43e2b6ce6bb2022-01-05 10:05:12.961root 11241100x80000000000000006966211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88582f03f48b49b2022-01-05 10:05:12.961root 11241100x80000000000000006966212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b674e9420537321c2022-01-05 10:05:12.961root 11241100x80000000000000006966213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d229eade2ca517b2022-01-05 10:05:12.961root 11241100x80000000000000006966214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f1a278803db6fa2022-01-05 10:05:12.961root 11241100x80000000000000006966215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca2908ed4444e792022-01-05 10:05:12.961root 11241100x80000000000000006966216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c04aaaccbf375f32022-01-05 10:05:12.961root 11241100x80000000000000006966217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bc9a9967ffd4a82022-01-05 10:05:12.961root 11241100x80000000000000006966218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237afda2b7a820412022-01-05 10:05:12.961root 11241100x80000000000000006966219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2cfc1dfa3f19c72022-01-05 10:05:12.962root 11241100x80000000000000006966220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115b99a7abd909b62022-01-05 10:05:12.962root 11241100x80000000000000006966221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129fd32f64aa89c02022-01-05 10:05:12.962root 11241100x80000000000000006966222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fec8f224ec80b82022-01-05 10:05:12.962root 11241100x80000000000000006966223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef53614fae0ff6362022-01-05 10:05:12.962root 11241100x80000000000000006966224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f638b29624d7ae62022-01-05 10:05:12.962root 11241100x80000000000000006966225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984c8430a3c49d372022-01-05 10:05:12.962root 11241100x80000000000000006966226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b2ca05f764d2c82022-01-05 10:05:12.962root 11241100x80000000000000006966227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fd78ada6e59e812022-01-05 10:05:12.962root 11241100x80000000000000006966228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93b4c71ae1200972022-01-05 10:05:12.963root 11241100x80000000000000006966229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b768d930b24148f72022-01-05 10:05:12.963root 11241100x80000000000000006966230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa2965ef8c190112022-01-05 10:05:12.963root 11241100x80000000000000006966231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:12.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dbe08b7e35b8412022-01-05 10:05:12.963root 11241100x80000000000000006966232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1924c0c30e91582022-01-05 10:05:13.459root 11241100x80000000000000006966233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48945d9a2aee27352022-01-05 10:05:13.459root 11241100x80000000000000006966234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b2559ac68b76bf2022-01-05 10:05:13.460root 11241100x80000000000000006966235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90446f0275c0df852022-01-05 10:05:13.460root 11241100x80000000000000006966236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27498d0e6f3893652022-01-05 10:05:13.460root 11241100x80000000000000006966237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7135b8eb20a2c5ed2022-01-05 10:05:13.460root 11241100x80000000000000006966238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282eadc238ccb9f12022-01-05 10:05:13.460root 11241100x80000000000000006966239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f03c8cc4b7be62d2022-01-05 10:05:13.460root 11241100x80000000000000006966240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b254cb5e57f794862022-01-05 10:05:13.460root 11241100x80000000000000006966241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301677f66f48af932022-01-05 10:05:13.460root 11241100x80000000000000006966242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865000b36ca1931e2022-01-05 10:05:13.460root 11241100x80000000000000006966243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6786ef34bb6dc0e2022-01-05 10:05:13.460root 11241100x80000000000000006966244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe8a1b7c97a4db02022-01-05 10:05:13.460root 11241100x80000000000000006966245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae263606d3948ab2022-01-05 10:05:13.460root 11241100x80000000000000006966246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eba63159b9c32b62022-01-05 10:05:13.461root 11241100x80000000000000006966247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80362ca568443e012022-01-05 10:05:13.461root 11241100x80000000000000006966248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9daaf22e0afd06ab2022-01-05 10:05:13.461root 11241100x80000000000000006966249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7c28080f3da7ab2022-01-05 10:05:13.461root 11241100x80000000000000006966250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a1cc0c2e2277032022-01-05 10:05:13.461root 11241100x80000000000000006966251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771112bbf0ddff2f2022-01-05 10:05:13.461root 11241100x80000000000000006966252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76700248db9326372022-01-05 10:05:13.462root 11241100x80000000000000006966253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6274d74acec03d6b2022-01-05 10:05:13.462root 11241100x80000000000000006966254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266f8eb6e82817d12022-01-05 10:05:13.462root 11241100x80000000000000006966255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580b61411b607b382022-01-05 10:05:13.462root 11241100x80000000000000006966256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3047d4f1ba1b0e232022-01-05 10:05:13.462root 11241100x80000000000000006966257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11595ab62ccd83f02022-01-05 10:05:13.960root 11241100x80000000000000006966258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5614519c056de3d12022-01-05 10:05:13.960root 11241100x80000000000000006966259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b08ecc58ce977d12022-01-05 10:05:13.960root 11241100x80000000000000006966260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58cd74cb56555f52022-01-05 10:05:13.960root 11241100x80000000000000006966261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d078f13030f0d782022-01-05 10:05:13.960root 11241100x80000000000000006966262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d245bcf4452160cf2022-01-05 10:05:13.961root 11241100x80000000000000006966263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a393fee2b34aec6a2022-01-05 10:05:13.961root 11241100x80000000000000006966264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29739758ae3ccb62022-01-05 10:05:13.961root 11241100x80000000000000006966265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d430de049cc80fc82022-01-05 10:05:13.961root 11241100x80000000000000006966266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b003dbc4b3ac1a2022-01-05 10:05:13.961root 11241100x80000000000000006966267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d456ac3fb5b00e82022-01-05 10:05:13.961root 11241100x80000000000000006966268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46abf6fec6232c012022-01-05 10:05:13.962root 11241100x80000000000000006966269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a01dc56e25bbb932022-01-05 10:05:13.962root 11241100x80000000000000006966270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9761e8ea821dbaf2022-01-05 10:05:13.962root 11241100x80000000000000006966271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1179cbc23d312b12022-01-05 10:05:13.962root 11241100x80000000000000006966272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301f7c3f8c1c35bb2022-01-05 10:05:13.962root 11241100x80000000000000006966273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db88053e23e4347e2022-01-05 10:05:13.963root 11241100x80000000000000006966274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c721490764a16df2022-01-05 10:05:13.963root 11241100x80000000000000006966275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d188ae01b435832022-01-05 10:05:13.963root 11241100x80000000000000006966276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b5eb3c70b856902022-01-05 10:05:13.963root 11241100x80000000000000006966277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f520b375c020d4b2022-01-05 10:05:13.964root 11241100x80000000000000006966278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534250bba18ad2ba2022-01-05 10:05:13.964root 11241100x80000000000000006966279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43999f16bc96b1aa2022-01-05 10:05:13.964root 11241100x80000000000000006966280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054eca99957f2aca2022-01-05 10:05:13.964root 11241100x80000000000000006966281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:13.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c59624bc7e386e2022-01-05 10:05:13.964root 11241100x80000000000000006966282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605c716bf4c6ae6f2022-01-05 10:05:14.460root 11241100x80000000000000006966283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f393738ff575472022-01-05 10:05:14.460root 11241100x80000000000000006966284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4758114e9802ad9c2022-01-05 10:05:14.460root 11241100x80000000000000006966285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d4a07a06bb0b632022-01-05 10:05:14.460root 11241100x80000000000000006966286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7403c6f6c1706c512022-01-05 10:05:14.460root 11241100x80000000000000006966287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d558751588a7bf2022-01-05 10:05:14.460root 11241100x80000000000000006966288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc25700d5d916792022-01-05 10:05:14.460root 11241100x80000000000000006966289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fbc80e2485130d2022-01-05 10:05:14.460root 11241100x80000000000000006966290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc79d139c167e1af2022-01-05 10:05:14.460root 11241100x80000000000000006966291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a10a22ae24154792022-01-05 10:05:14.461root 11241100x80000000000000006966292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9888c304fe05c70d2022-01-05 10:05:14.461root 11241100x80000000000000006966293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718d524c9913f8c32022-01-05 10:05:14.461root 11241100x80000000000000006966294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8c0e9c5128937e2022-01-05 10:05:14.461root 11241100x80000000000000006966295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e38ec8caa311662022-01-05 10:05:14.461root 11241100x80000000000000006966296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaf3824791d2aa02022-01-05 10:05:14.461root 11241100x80000000000000006966297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87ea2ceb836a1172022-01-05 10:05:14.462root 11241100x80000000000000006966298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0692fb994f70d3ce2022-01-05 10:05:14.462root 11241100x80000000000000006966299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54ee7fc7e2709d02022-01-05 10:05:14.462root 11241100x80000000000000006966300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2bed28e19b72992022-01-05 10:05:14.462root 11241100x80000000000000006966301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc99511faeca5e622022-01-05 10:05:14.462root 11241100x80000000000000006966302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004e7464f3bad9352022-01-05 10:05:14.462root 11241100x80000000000000006966303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28907122d5a8c8a52022-01-05 10:05:14.463root 11241100x80000000000000006966304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009a02eb8612c88d2022-01-05 10:05:14.463root 11241100x80000000000000006966305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082c6bf064d88ced2022-01-05 10:05:14.463root 11241100x80000000000000006966306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aee5ec943c1f2e2022-01-05 10:05:14.463root 11241100x80000000000000006966307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d306a0facadebf2022-01-05 10:05:14.959root 11241100x80000000000000006966308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df37a0f63a859682022-01-05 10:05:14.959root 11241100x80000000000000006966309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1614576b41aac80b2022-01-05 10:05:14.959root 11241100x80000000000000006966310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96251c9c1a59ee872022-01-05 10:05:14.959root 11241100x80000000000000006966311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939496f71d15e45b2022-01-05 10:05:14.959root 11241100x80000000000000006966312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1633c69811805362022-01-05 10:05:14.960root 11241100x80000000000000006966313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f73330c817dd9b2022-01-05 10:05:14.960root 11241100x80000000000000006966314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d929f7596768a9662022-01-05 10:05:14.960root 11241100x80000000000000006966315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e6d7e4e29af95d2022-01-05 10:05:14.960root 11241100x80000000000000006966316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd521d727d8b42a2022-01-05 10:05:14.960root 11241100x80000000000000006966317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8fac9a711191642022-01-05 10:05:14.960root 11241100x80000000000000006966318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb2155c497dae842022-01-05 10:05:14.960root 11241100x80000000000000006966319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0101dfb4a624c0b42022-01-05 10:05:14.961root 11241100x80000000000000006966320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37993aa04b9188eb2022-01-05 10:05:14.961root 11241100x80000000000000006966321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb2b4b978f446942022-01-05 10:05:14.961root 11241100x80000000000000006966322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6391016e01a38622022-01-05 10:05:14.961root 11241100x80000000000000006966323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd955b07acb276c2022-01-05 10:05:14.961root 11241100x80000000000000006966324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cd6cbeb7a2c6402022-01-05 10:05:14.961root 11241100x80000000000000006966325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3df88ba3efece42022-01-05 10:05:14.962root 11241100x80000000000000006966326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c884b5315ac8f82c2022-01-05 10:05:14.962root 11241100x80000000000000006966327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741fbec70d2b549d2022-01-05 10:05:14.962root 11241100x80000000000000006966328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b80938494d7f52e2022-01-05 10:05:14.962root 11241100x80000000000000006966329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80efa6a4c9bbdf4e2022-01-05 10:05:14.962root 11241100x80000000000000006966330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b42afa7a23254262022-01-05 10:05:14.962root 11241100x80000000000000006966331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34250cc90547eb312022-01-05 10:05:14.963root 11241100x80000000000000006966332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671a8e3c2db7d5272022-01-05 10:05:14.963root 11241100x80000000000000006966333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c6781470c2ed102022-01-05 10:05:14.963root 11241100x80000000000000006966334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27e88ddd5ea672a2022-01-05 10:05:14.963root 11241100x80000000000000006966335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7104c05460af54c82022-01-05 10:05:14.964root 11241100x80000000000000006966336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a90008c53d885cb2022-01-05 10:05:14.964root 11241100x80000000000000006966337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6876218feb3ae7f2022-01-05 10:05:14.964root 11241100x80000000000000006966338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:14.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa7530361d35ce82022-01-05 10:05:14.964root 11241100x80000000000000006966339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad214e35ce696902022-01-05 10:05:15.460root 11241100x80000000000000006966340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082dcf748b3f487b2022-01-05 10:05:15.460root 11241100x80000000000000006966341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a4190d2a8b4d812022-01-05 10:05:15.460root 11241100x80000000000000006966342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db2cb1ce936ca672022-01-05 10:05:15.460root 11241100x80000000000000006966343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ca3b4d0745aca92022-01-05 10:05:15.460root 11241100x80000000000000006966344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933de3886355be6a2022-01-05 10:05:15.460root 11241100x80000000000000006966345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de0a172f4c41e8a2022-01-05 10:05:15.461root 11241100x80000000000000006966346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2e169cbf087b692022-01-05 10:05:15.461root 11241100x80000000000000006966347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdebf06073d85ab2022-01-05 10:05:15.461root 11241100x80000000000000006966348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efef7aa80021d46f2022-01-05 10:05:15.461root 11241100x80000000000000006966349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055e8ca344775d5f2022-01-05 10:05:15.461root 11241100x80000000000000006966350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e0b8ac30553f332022-01-05 10:05:15.461root 11241100x80000000000000006966351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2adfba587803912022-01-05 10:05:15.461root 11241100x80000000000000006966352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4be321970f06072022-01-05 10:05:15.462root 11241100x80000000000000006966353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa841bd21bf3fc72022-01-05 10:05:15.462root 11241100x80000000000000006966354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b623e326d1a67322022-01-05 10:05:15.462root 11241100x80000000000000006966355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921921fdc19831d02022-01-05 10:05:15.462root 11241100x80000000000000006966356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ada2814d05036b2022-01-05 10:05:15.462root 11241100x80000000000000006966357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b3583f227f0ac82022-01-05 10:05:15.462root 11241100x80000000000000006966358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c83774dbff348b82022-01-05 10:05:15.463root 11241100x80000000000000006966359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8240df97a12050a12022-01-05 10:05:15.463root 11241100x80000000000000006966360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f44a65b674634f92022-01-05 10:05:15.463root 11241100x80000000000000006966361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f492a833bd032f32022-01-05 10:05:15.464root 11241100x80000000000000006966362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0659b70f5d6c25642022-01-05 10:05:15.464root 11241100x80000000000000006966363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509f20d8125812d52022-01-05 10:05:15.464root 11241100x80000000000000006966364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb5cb4a4fb0b2692022-01-05 10:05:15.960root 11241100x80000000000000006966365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ff51062f64ebbf2022-01-05 10:05:15.960root 11241100x80000000000000006966366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cc00afd04507372022-01-05 10:05:15.960root 11241100x80000000000000006966367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70def044894c4a632022-01-05 10:05:15.960root 11241100x80000000000000006966368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8355fdf5cf618d322022-01-05 10:05:15.960root 11241100x80000000000000006966369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3412f1cd265aa52022-01-05 10:05:15.960root 11241100x80000000000000006966370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c7c428ec0753e22022-01-05 10:05:15.960root 11241100x80000000000000006966371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb410fc4efb703302022-01-05 10:05:15.960root 11241100x80000000000000006966372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a813fcab8080be2022-01-05 10:05:15.960root 11241100x80000000000000006966373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c50d97872b8a9a82022-01-05 10:05:15.960root 11241100x80000000000000006966374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d977fd3c14caff2022-01-05 10:05:15.960root 11241100x80000000000000006966375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b308cc2ba5198cf82022-01-05 10:05:15.961root 11241100x80000000000000006966376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd917fdbf32ac112022-01-05 10:05:15.961root 11241100x80000000000000006966377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56987e662904bef62022-01-05 10:05:15.961root 11241100x80000000000000006966378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c0b0aa4d0251b42022-01-05 10:05:15.961root 11241100x80000000000000006966379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c022c8f08abdb3272022-01-05 10:05:15.961root 11241100x80000000000000006966380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeafeb3cbefe828c2022-01-05 10:05:15.961root 11241100x80000000000000006966381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c36da5555b14c92022-01-05 10:05:15.961root 11241100x80000000000000006966382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17a9f5364a91d462022-01-05 10:05:15.961root 11241100x80000000000000006966383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56041e1914b37122022-01-05 10:05:15.961root 11241100x80000000000000006966384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560c98024224db182022-01-05 10:05:15.961root 11241100x80000000000000006966385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e8d15c81195e712022-01-05 10:05:15.961root 11241100x80000000000000006966386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec34922207d115a32022-01-05 10:05:15.961root 11241100x80000000000000006966387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1016c5e001e1b75e2022-01-05 10:05:15.961root 11241100x80000000000000006966388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439c45d18e8b68262022-01-05 10:05:15.961root 354300x80000000000000006966389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.215{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41776-false10.0.1.12-8000- 11241100x80000000000000006966390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb635da52c980bb52022-01-05 10:05:16.217root 11241100x80000000000000006966391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb898cd7b67c7e672022-01-05 10:05:16.217root 11241100x80000000000000006966392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ad561ddde65df22022-01-05 10:05:16.217root 11241100x80000000000000006966393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987b99f569b9e8322022-01-05 10:05:16.218root 11241100x80000000000000006966394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0e7ca03f0936e82022-01-05 10:05:16.218root 11241100x80000000000000006966395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b55481307cc9abb2022-01-05 10:05:16.218root 11241100x80000000000000006966396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de4ae9311e23e782022-01-05 10:05:16.218root 11241100x80000000000000006966397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ec48e8b42c13a82022-01-05 10:05:16.219root 11241100x80000000000000006966398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d50b7550f953852022-01-05 10:05:16.219root 11241100x80000000000000006966399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4521ac4852a3b22022-01-05 10:05:16.219root 11241100x80000000000000006966400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d51105aa0b2c5702022-01-05 10:05:16.219root 11241100x80000000000000006966401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82eafc57952d78c2022-01-05 10:05:16.219root 11241100x80000000000000006966402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ed23ec7e765e7b2022-01-05 10:05:16.219root 11241100x80000000000000006966403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ed5eae6a3186862022-01-05 10:05:16.219root 11241100x80000000000000006966404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cda1d1dd28df0972022-01-05 10:05:16.220root 11241100x80000000000000006966405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d36be1018e382242022-01-05 10:05:16.220root 11241100x80000000000000006966406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f99e46f1eb900ac2022-01-05 10:05:16.220root 11241100x80000000000000006966407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86efc3d68771586f2022-01-05 10:05:16.220root 11241100x80000000000000006966408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f75f0b4407266282022-01-05 10:05:16.221root 11241100x80000000000000006966409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1759f4c474e60ad82022-01-05 10:05:16.221root 11241100x80000000000000006966410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877f1088d18956d92022-01-05 10:05:16.221root 11241100x80000000000000006966411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4867608e00f54f9a2022-01-05 10:05:16.221root 11241100x80000000000000006966412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c3009928b96c212022-01-05 10:05:16.222root 11241100x80000000000000006966413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0e88f34ca5ea6a2022-01-05 10:05:16.222root 11241100x80000000000000006966414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b686e63169e25e02022-01-05 10:05:16.222root 11241100x80000000000000006966415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46fc882180790142022-01-05 10:05:16.223root 11241100x80000000000000006966416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da12828c943284512022-01-05 10:05:16.223root 11241100x80000000000000006966417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f5d8fa07fb99af2022-01-05 10:05:16.223root 11241100x80000000000000006966418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef797294a1317b62022-01-05 10:05:16.709root 11241100x80000000000000006966419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30624e3a5aa3bbf02022-01-05 10:05:16.710root 11241100x80000000000000006966420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd291d96ddef33ff2022-01-05 10:05:16.710root 11241100x80000000000000006966421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226b37ba2ca3b85f2022-01-05 10:05:16.710root 11241100x80000000000000006966422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87e65535313eb472022-01-05 10:05:16.710root 11241100x80000000000000006966423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213e6d3c9a277ad92022-01-05 10:05:16.710root 11241100x80000000000000006966424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69ffd2ebbb408ee2022-01-05 10:05:16.710root 11241100x80000000000000006966425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdd7195efee4cc02022-01-05 10:05:16.710root 11241100x80000000000000006966426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fa2251bd285b842022-01-05 10:05:16.710root 11241100x80000000000000006966427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4dc15d21b2f2872022-01-05 10:05:16.710root 11241100x80000000000000006966428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7b4e9ba741701e2022-01-05 10:05:16.710root 11241100x80000000000000006966429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496b944270f7d05b2022-01-05 10:05:16.710root 11241100x80000000000000006966430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64bd13536b114b42022-01-05 10:05:16.710root 11241100x80000000000000006966431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a6e25a825eda042022-01-05 10:05:16.710root 11241100x80000000000000006966432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac1bb1550fe853a2022-01-05 10:05:16.711root 11241100x80000000000000006966433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd455b9d1d6670c2022-01-05 10:05:16.711root 11241100x80000000000000006966434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8427f41bcc2a97e2022-01-05 10:05:16.711root 11241100x80000000000000006966435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67606ab5d62cc83e2022-01-05 10:05:16.711root 11241100x80000000000000006966436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f7362b28bdcff12022-01-05 10:05:16.711root 11241100x80000000000000006966437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fefe9f365bcce02022-01-05 10:05:16.711root 11241100x80000000000000006966438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2845b47ea05146162022-01-05 10:05:16.711root 11241100x80000000000000006966439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03b6a00a88e0a442022-01-05 10:05:16.711root 11241100x80000000000000006966440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165103d96be489ca2022-01-05 10:05:16.711root 11241100x80000000000000006966441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8228c9918e273c5c2022-01-05 10:05:16.711root 11241100x80000000000000006966442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1456fd810119a522022-01-05 10:05:16.711root 11241100x80000000000000006966443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ad8e1cad81ba2f2022-01-05 10:05:16.711root 11241100x80000000000000006966444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7892957f35a9382022-01-05 10:05:17.209root 11241100x80000000000000006966445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d165dbd57b56349f2022-01-05 10:05:17.209root 11241100x80000000000000006966446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaf42141c3fc7712022-01-05 10:05:17.209root 11241100x80000000000000006966447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6608ab038adecf782022-01-05 10:05:17.209root 11241100x80000000000000006966448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed596ea2af957bff2022-01-05 10:05:17.210root 11241100x80000000000000006966449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1048ec0e5a24392022-01-05 10:05:17.210root 11241100x80000000000000006966450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb6281f8d4fcb592022-01-05 10:05:17.210root 11241100x80000000000000006966451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051b335f8011f9ed2022-01-05 10:05:17.210root 11241100x80000000000000006966452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56ba4f49fe7a50a2022-01-05 10:05:17.210root 11241100x80000000000000006966453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8c3ece46d91fb92022-01-05 10:05:17.210root 11241100x80000000000000006966454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bf056bf90ddacc2022-01-05 10:05:17.210root 11241100x80000000000000006966455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db63cdaad69b9662022-01-05 10:05:17.210root 11241100x80000000000000006966456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ccc2d258e439752022-01-05 10:05:17.210root 11241100x80000000000000006966457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad5ab0786ee00ed2022-01-05 10:05:17.210root 11241100x80000000000000006966458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f63083d021e7582022-01-05 10:05:17.210root 11241100x80000000000000006966459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5752301da1649222022-01-05 10:05:17.211root 11241100x80000000000000006966460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463a810a0c51e2f32022-01-05 10:05:17.211root 11241100x80000000000000006966461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64f67c60a0a70de2022-01-05 10:05:17.211root 11241100x80000000000000006966462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e18d665c62bc5292022-01-05 10:05:17.211root 11241100x80000000000000006966463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32562fc80fa1d75b2022-01-05 10:05:17.211root 11241100x80000000000000006966464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3e82331e5972b72022-01-05 10:05:17.211root 11241100x80000000000000006966465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cefd3e1d9ca74f2022-01-05 10:05:17.211root 11241100x80000000000000006966466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08661853e9cc8f322022-01-05 10:05:17.211root 11241100x80000000000000006966467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8089a3fb0882092022-01-05 10:05:17.211root 11241100x80000000000000006966468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2013adde1b72e62022-01-05 10:05:17.211root 11241100x80000000000000006966469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ba1d9b357608812022-01-05 10:05:17.212root 11241100x80000000000000006966470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dad1e52334ff112022-01-05 10:05:17.709root 11241100x80000000000000006966471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d123f8ad346895f02022-01-05 10:05:17.710root 11241100x80000000000000006966472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032655420d0280bf2022-01-05 10:05:17.710root 11241100x80000000000000006966473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc27d202ee8ad532022-01-05 10:05:17.710root 11241100x80000000000000006966474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b707c225ae84f1f32022-01-05 10:05:17.710root 11241100x80000000000000006966475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108be0e46c22be512022-01-05 10:05:17.710root 11241100x80000000000000006966476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2334a5545ff2bd32022-01-05 10:05:17.710root 11241100x80000000000000006966477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d3709e6376778a2022-01-05 10:05:17.710root 11241100x80000000000000006966478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab567b0773611b702022-01-05 10:05:17.711root 11241100x80000000000000006966479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7a87222b6121452022-01-05 10:05:17.711root 11241100x80000000000000006966480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8ff8267ddfaad62022-01-05 10:05:17.711root 11241100x80000000000000006966481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a18a76ae784e5132022-01-05 10:05:17.711root 11241100x80000000000000006966482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bbaf54dd66a6de2022-01-05 10:05:17.711root 11241100x80000000000000006966483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc8f3a1072d9abc2022-01-05 10:05:17.711root 11241100x80000000000000006966484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee0899e20f26d1e2022-01-05 10:05:17.711root 11241100x80000000000000006966485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e319669f49cba96b2022-01-05 10:05:17.711root 11241100x80000000000000006966486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be32ecced816f73b2022-01-05 10:05:17.711root 11241100x80000000000000006966487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac2afc4a295dcbe2022-01-05 10:05:17.711root 11241100x80000000000000006966488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8527f83aa66346702022-01-05 10:05:17.711root 11241100x80000000000000006966489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f0b8bc255c6d012022-01-05 10:05:17.711root 11241100x80000000000000006966490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433607d1c2dff4562022-01-05 10:05:17.711root 11241100x80000000000000006966491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672cac5ccd7cbbf42022-01-05 10:05:17.711root 11241100x80000000000000006966492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d462fe972c2e442022-01-05 10:05:17.711root 11241100x80000000000000006966493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199ce9d4042bf8b02022-01-05 10:05:17.712root 11241100x80000000000000006966494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb12554dd2de6852022-01-05 10:05:17.712root 11241100x80000000000000006966495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:17.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a16a574533cccf2022-01-05 10:05:17.712root 11241100x80000000000000006966496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957d8cb3c41c940b2022-01-05 10:05:18.209root 11241100x80000000000000006966497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7e3b6d20ecea842022-01-05 10:05:18.209root 11241100x80000000000000006966498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b74f06d0c4e5932022-01-05 10:05:18.209root 11241100x80000000000000006966499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a25ee1dd62a2e612022-01-05 10:05:18.209root 11241100x80000000000000006966500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df0b7328220a2ed2022-01-05 10:05:18.210root 11241100x80000000000000006966501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d507e240d04e533a2022-01-05 10:05:18.210root 11241100x80000000000000006966502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0137f9331802ac2022-01-05 10:05:18.210root 11241100x80000000000000006966503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771be4a46211d72f2022-01-05 10:05:18.210root 11241100x80000000000000006966504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2aeedd0187ab3942022-01-05 10:05:18.210root 11241100x80000000000000006966505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140382c995fc72f72022-01-05 10:05:18.210root 11241100x80000000000000006966506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684e3eb8de52ffe12022-01-05 10:05:18.210root 11241100x80000000000000006966507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fd3298db58ded72022-01-05 10:05:18.210root 11241100x80000000000000006966508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3540fdf469a040232022-01-05 10:05:18.211root 11241100x80000000000000006966509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d822ba4e8dfe8f312022-01-05 10:05:18.211root 11241100x80000000000000006966510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9304a27dd555342022-01-05 10:05:18.211root 11241100x80000000000000006966511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a08123fcafeead32022-01-05 10:05:18.211root 11241100x80000000000000006966512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0c34b8b6d4d28d2022-01-05 10:05:18.211root 11241100x80000000000000006966513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54c8865e3e827982022-01-05 10:05:18.211root 11241100x80000000000000006966514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3affc904729e60f82022-01-05 10:05:18.211root 11241100x80000000000000006966515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebd650cc40c371b2022-01-05 10:05:18.212root 11241100x80000000000000006966516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52296144d77071a62022-01-05 10:05:18.212root 11241100x80000000000000006966517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eff0e556e8567c22022-01-05 10:05:18.212root 11241100x80000000000000006966518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9a15f26422c0172022-01-05 10:05:18.212root 11241100x80000000000000006966519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d665e602d442654c2022-01-05 10:05:18.212root 11241100x80000000000000006966520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aee100442cb94382022-01-05 10:05:18.212root 11241100x80000000000000006966521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faf62df27209e062022-01-05 10:05:18.212root 11241100x80000000000000006966522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f16ed2c468152b2022-01-05 10:05:18.213root 11241100x80000000000000006966523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d64865ecf6c34a2022-01-05 10:05:18.213root 11241100x80000000000000006966524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bcd01aa354e8302022-01-05 10:05:18.213root 11241100x80000000000000006966525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e34f2708b77f31a2022-01-05 10:05:18.213root 11241100x80000000000000006966526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4e53740e75d9df2022-01-05 10:05:18.213root 11241100x80000000000000006966527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b658639231edbb2022-01-05 10:05:18.214root 11241100x80000000000000006966528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4af566ad108d6a2022-01-05 10:05:18.214root 11241100x80000000000000006966529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d1e76a60428d2d2022-01-05 10:05:18.214root 11241100x80000000000000006966530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229f74971a9d44082022-01-05 10:05:18.214root 11241100x80000000000000006966531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9e96e71be3de502022-01-05 10:05:18.214root 11241100x80000000000000006966532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d998ed81b1c0c4a2022-01-05 10:05:18.215root 11241100x80000000000000006966533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bbf813a57617632022-01-05 10:05:18.215root 11241100x80000000000000006966534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986e86010c155ad12022-01-05 10:05:18.215root 11241100x80000000000000006966535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451efd50e789ebb12022-01-05 10:05:18.215root 11241100x80000000000000006966536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d19abd9e8376d12022-01-05 10:05:18.215root 11241100x80000000000000006966537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044062ba9a37df6d2022-01-05 10:05:18.215root 11241100x80000000000000006966538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f088b9e366675ed32022-01-05 10:05:18.216root 11241100x80000000000000006966539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b49d42558d4a4c2022-01-05 10:05:18.709root 11241100x80000000000000006966540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b292afe32e002dd2022-01-05 10:05:18.710root 11241100x80000000000000006966541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c451ac4f85244ce2022-01-05 10:05:18.710root 11241100x80000000000000006966542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5a64b4c468a7fe2022-01-05 10:05:18.710root 11241100x80000000000000006966543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c93386a00db21d2022-01-05 10:05:18.710root 11241100x80000000000000006966544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095a3de2d52d6ac42022-01-05 10:05:18.711root 11241100x80000000000000006966545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5f1d896c06098c2022-01-05 10:05:18.711root 11241100x80000000000000006966546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36353139129cb0432022-01-05 10:05:18.711root 11241100x80000000000000006966547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1b8ced0138bc152022-01-05 10:05:18.711root 11241100x80000000000000006966548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f1ee5d5423ad1b2022-01-05 10:05:18.711root 11241100x80000000000000006966549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77203e2ecef6a76d2022-01-05 10:05:18.711root 11241100x80000000000000006966550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ed3b7f82372b1f2022-01-05 10:05:18.712root 11241100x80000000000000006966551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a53bd2084cfa9572022-01-05 10:05:18.712root 11241100x80000000000000006966552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75f80770a9d53bf2022-01-05 10:05:18.712root 11241100x80000000000000006966553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9037e1b7ce4e134e2022-01-05 10:05:18.712root 11241100x80000000000000006966554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce86031b9a856a242022-01-05 10:05:18.713root 11241100x80000000000000006966555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741535a725663c672022-01-05 10:05:18.713root 11241100x80000000000000006966556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b241c38dafe19f6b2022-01-05 10:05:18.713root 11241100x80000000000000006966557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526eff66f229a0752022-01-05 10:05:18.713root 11241100x80000000000000006966558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c1a300aad2730e2022-01-05 10:05:18.714root 11241100x80000000000000006966559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e986caaeba212af2022-01-05 10:05:18.714root 11241100x80000000000000006966560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68c3f3b2ffc1e8e2022-01-05 10:05:18.714root 11241100x80000000000000006966561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7ed940c30065b92022-01-05 10:05:18.714root 11241100x80000000000000006966562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9352793dc047922022-01-05 10:05:18.714root 11241100x80000000000000006966563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eddaeb5b62cc6f32022-01-05 10:05:18.714root 11241100x80000000000000006966564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f8a801273fb7e02022-01-05 10:05:18.714root 11241100x80000000000000006966565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57463e7790ef1962022-01-05 10:05:18.714root 11241100x80000000000000006966566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:18.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643d1be2e634fbd72022-01-05 10:05:18.714root 11241100x80000000000000006966567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d77fe646b1c8e02022-01-05 10:05:19.210root 11241100x80000000000000006966568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b136106a16a5d62022-01-05 10:05:19.210root 11241100x80000000000000006966569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf818e38aff20862022-01-05 10:05:19.210root 11241100x80000000000000006966570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f06c921036106512022-01-05 10:05:19.210root 11241100x80000000000000006966571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a699b38d6844512022-01-05 10:05:19.210root 11241100x80000000000000006966572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb86ff7efd9b78c2022-01-05 10:05:19.211root 11241100x80000000000000006966573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f04708f6d8d5aa22022-01-05 10:05:19.211root 11241100x80000000000000006966574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bf1da1e2e98aad2022-01-05 10:05:19.211root 11241100x80000000000000006966575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07c3bee52fdfff92022-01-05 10:05:19.211root 11241100x80000000000000006966576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa3beb55e2b297d2022-01-05 10:05:19.211root 11241100x80000000000000006966577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fe310c94acc5f22022-01-05 10:05:19.212root 11241100x80000000000000006966578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630b8930a782e8cc2022-01-05 10:05:19.212root 11241100x80000000000000006966579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef5a807ca00e73c2022-01-05 10:05:19.212root 11241100x80000000000000006966580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e279f172ebebf03f2022-01-05 10:05:19.212root 11241100x80000000000000006966581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87475e7560143b422022-01-05 10:05:19.212root 11241100x80000000000000006966582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb474e3abadd6712022-01-05 10:05:19.212root 11241100x80000000000000006966583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9074475c13cda62022-01-05 10:05:19.212root 11241100x80000000000000006966584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ce6ec666b6e91f2022-01-05 10:05:19.213root 11241100x80000000000000006966585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21908ece0026a4f02022-01-05 10:05:19.213root 11241100x80000000000000006966586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b11fddf87d1a202022-01-05 10:05:19.213root 11241100x80000000000000006966587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367c4be73d3168ab2022-01-05 10:05:19.213root 11241100x80000000000000006966588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46f1667410ecc8e2022-01-05 10:05:19.214root 11241100x80000000000000006966589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbbb336f30202dc2022-01-05 10:05:19.214root 11241100x80000000000000006966590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a82c2284b10ccd2022-01-05 10:05:19.214root 11241100x80000000000000006966591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd77ed309ace440c2022-01-05 10:05:19.214root 11241100x80000000000000006966592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429bbd3c986a79f92022-01-05 10:05:19.214root 11241100x80000000000000006966593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4155dff4a08430642022-01-05 10:05:19.709root 11241100x80000000000000006966594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b0739a76f63bca2022-01-05 10:05:19.710root 11241100x80000000000000006966595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c531187cf6f10962022-01-05 10:05:19.710root 11241100x80000000000000006966596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a704e7cd0e752ce02022-01-05 10:05:19.710root 11241100x80000000000000006966597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a5639fb7a6ae832022-01-05 10:05:19.710root 11241100x80000000000000006966598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88942bd55461b9d22022-01-05 10:05:19.710root 11241100x80000000000000006966599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85575a28f764d3db2022-01-05 10:05:19.710root 11241100x80000000000000006966600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b82b4eb4e6d52f2022-01-05 10:05:19.711root 11241100x80000000000000006966601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a2a79c473ec6212022-01-05 10:05:19.711root 11241100x80000000000000006966602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6382bfb211bacd892022-01-05 10:05:19.711root 11241100x80000000000000006966603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b004bab205737c6a2022-01-05 10:05:19.711root 11241100x80000000000000006966604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130c45a5e99ac0082022-01-05 10:05:19.712root 11241100x80000000000000006966605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb95d22700ae19b2022-01-05 10:05:19.712root 11241100x80000000000000006966606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31e3f0d38bf24302022-01-05 10:05:19.712root 11241100x80000000000000006966607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409a376b81426f662022-01-05 10:05:19.712root 11241100x80000000000000006966608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e58fa88cb1cd092022-01-05 10:05:19.712root 11241100x80000000000000006966609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34e8768c78f44b42022-01-05 10:05:19.712root 11241100x80000000000000006966610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e3d0430c5ed1ac2022-01-05 10:05:19.712root 11241100x80000000000000006966611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8df4822dc438dc2022-01-05 10:05:19.712root 11241100x80000000000000006966612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2d22303663999b2022-01-05 10:05:19.712root 11241100x80000000000000006966613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16829ca6acab0d7d2022-01-05 10:05:19.713root 11241100x80000000000000006966614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df06ac88cc06643b2022-01-05 10:05:19.713root 11241100x80000000000000006966615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a44e9dfabab8ab92022-01-05 10:05:19.713root 11241100x80000000000000006966616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9e86f0696652f42022-01-05 10:05:19.713root 11241100x80000000000000006966617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402ea1ac76a6cb682022-01-05 10:05:19.713root 11241100x80000000000000006966618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a97f8c21178b802022-01-05 10:05:19.713root 11241100x80000000000000006966619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:19.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86dab9a779c40042022-01-05 10:05:19.713root 11241100x80000000000000006966620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8fce1d2cd96a9e2022-01-05 10:05:20.209root 11241100x80000000000000006966621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8d356db15161522022-01-05 10:05:20.210root 11241100x80000000000000006966622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e994141b11355c922022-01-05 10:05:20.210root 11241100x80000000000000006966623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353ddb4b7072b2602022-01-05 10:05:20.210root 11241100x80000000000000006966624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ce1ca1de2067542022-01-05 10:05:20.210root 11241100x80000000000000006966625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e632c02379731c2022-01-05 10:05:20.210root 11241100x80000000000000006966626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b80eb74eee8b352022-01-05 10:05:20.210root 11241100x80000000000000006966627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52683f6571111a542022-01-05 10:05:20.210root 11241100x80000000000000006966628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed1cf9c33cd76c62022-01-05 10:05:20.211root 11241100x80000000000000006966629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af65db65e06e889d2022-01-05 10:05:20.211root 11241100x80000000000000006966630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c387cc22e7bbf12022-01-05 10:05:20.211root 11241100x80000000000000006966631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de4a3ea97d878c92022-01-05 10:05:20.211root 11241100x80000000000000006966632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c877391c51cdfbc52022-01-05 10:05:20.211root 11241100x80000000000000006966633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf35635ab108c66a2022-01-05 10:05:20.211root 11241100x80000000000000006966634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6994c64cbb3007d82022-01-05 10:05:20.211root 11241100x80000000000000006966635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51123a72e84a76892022-01-05 10:05:20.211root 11241100x80000000000000006966636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1717a870d6944ed52022-01-05 10:05:20.211root 11241100x80000000000000006966637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526b9cc61706c3252022-01-05 10:05:20.212root 11241100x80000000000000006966638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926d15006993c64e2022-01-05 10:05:20.212root 11241100x80000000000000006966639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db1493408cba10b2022-01-05 10:05:20.212root 11241100x80000000000000006966640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718c6cd0d8f41b472022-01-05 10:05:20.212root 11241100x80000000000000006966641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a052f63b4d7ae32022-01-05 10:05:20.212root 11241100x80000000000000006966642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb37211761b67b8f2022-01-05 10:05:20.213root 11241100x80000000000000006966643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8d5337565e15422022-01-05 10:05:20.213root 11241100x80000000000000006966644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70be7c49b6c294982022-01-05 10:05:20.213root 11241100x80000000000000006966645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4dfd90e4e2a0a82022-01-05 10:05:20.214root 11241100x80000000000000006966646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a01122e6abd53862022-01-05 10:05:20.710root 11241100x80000000000000006966647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417e371a544efb632022-01-05 10:05:20.710root 11241100x80000000000000006966648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a42a9317903c5b12022-01-05 10:05:20.710root 11241100x80000000000000006966649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4e4681135b959b2022-01-05 10:05:20.711root 11241100x80000000000000006966650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb3fa779503bb1a2022-01-05 10:05:20.711root 11241100x80000000000000006966651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850a5c8ef0d48f072022-01-05 10:05:20.711root 11241100x80000000000000006966652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5aa9bfec196dcf82022-01-05 10:05:20.711root 11241100x80000000000000006966653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e3c8fde4694e9f2022-01-05 10:05:20.711root 11241100x80000000000000006966654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e087e5104a515a2022-01-05 10:05:20.711root 11241100x80000000000000006966655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b208bc86d2282d72022-01-05 10:05:20.711root 11241100x80000000000000006966656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efad5054a6060b82022-01-05 10:05:20.711root 11241100x80000000000000006966657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7312ad129118782022-01-05 10:05:20.711root 11241100x80000000000000006966658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2c1cce57e325db2022-01-05 10:05:20.712root 11241100x80000000000000006966659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30dac5c7537eb362022-01-05 10:05:20.712root 11241100x80000000000000006966660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd4dded8df3fe062022-01-05 10:05:20.712root 11241100x80000000000000006966661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d712ed49e9c9d162022-01-05 10:05:20.712root 11241100x80000000000000006966662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09065ce67d2ed452022-01-05 10:05:20.712root 11241100x80000000000000006966663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a58595ca76578bd2022-01-05 10:05:20.712root 11241100x80000000000000006966664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0bca71faa195af2022-01-05 10:05:20.712root 11241100x80000000000000006966665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919dfd51cbbc20c42022-01-05 10:05:20.712root 11241100x80000000000000006966666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e507cab71fc660ef2022-01-05 10:05:20.712root 11241100x80000000000000006966667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1ea151ace6d38c2022-01-05 10:05:20.712root 11241100x80000000000000006966668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69da4d04137edec12022-01-05 10:05:20.713root 11241100x80000000000000006966669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24d7d89b258ac402022-01-05 10:05:20.713root 11241100x80000000000000006966670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aaa5cbf25a2e61e2022-01-05 10:05:20.713root 11241100x80000000000000006966671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:20.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e795edf625f91fef2022-01-05 10:05:20.713root 11241100x80000000000000006966672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228f5487133a8def2022-01-05 10:05:21.209root 11241100x80000000000000006966673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd186fa8467b88ee2022-01-05 10:05:21.210root 11241100x80000000000000006966674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b1b12b19d459ab2022-01-05 10:05:21.210root 11241100x80000000000000006966675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d941e626f94c9bef2022-01-05 10:05:21.210root 11241100x80000000000000006966676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2def6537a9b8356a2022-01-05 10:05:21.210root 11241100x80000000000000006966677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb36a962063fb6ff2022-01-05 10:05:21.210root 11241100x80000000000000006966678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d6a082976663982022-01-05 10:05:21.210root 11241100x80000000000000006966679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26d5067989aa1962022-01-05 10:05:21.210root 11241100x80000000000000006966680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f8e1ae899af79d2022-01-05 10:05:21.210root 11241100x80000000000000006966681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d11a3b44ef937f32022-01-05 10:05:21.211root 11241100x80000000000000006966682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18b308fd720a0032022-01-05 10:05:21.211root 11241100x80000000000000006966683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babc8a1e22682e792022-01-05 10:05:21.211root 11241100x80000000000000006966684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b026db084560152022-01-05 10:05:21.211root 11241100x80000000000000006966685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba1995c62d282b72022-01-05 10:05:21.211root 11241100x80000000000000006966686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d453bd13c3f4522022-01-05 10:05:21.211root 11241100x80000000000000006966687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1227c93a42ba170b2022-01-05 10:05:21.211root 11241100x80000000000000006966688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3c3a79dcd907b52022-01-05 10:05:21.212root 11241100x80000000000000006966689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed438e4deb96e842022-01-05 10:05:21.212root 11241100x80000000000000006966690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540615f992e5c1fb2022-01-05 10:05:21.212root 11241100x80000000000000006966691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7aa7577dc67086e2022-01-05 10:05:21.212root 11241100x80000000000000006966692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b16233ca2f257a2022-01-05 10:05:21.212root 11241100x80000000000000006966693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e31bbd2eb881ba2022-01-05 10:05:21.212root 11241100x80000000000000006966694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd866b4488ec6702022-01-05 10:05:21.212root 11241100x80000000000000006966695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7065b7eaf61a79872022-01-05 10:05:21.212root 11241100x80000000000000006966696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7326d468ea596e342022-01-05 10:05:21.212root 11241100x80000000000000006966697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8625d126a3c5c2672022-01-05 10:05:21.212root 11241100x80000000000000006966698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684072bfca1bd0f62022-01-05 10:05:21.212root 11241100x80000000000000006966699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed3b03fa04f5ef82022-01-05 10:05:21.710root 11241100x80000000000000006966700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba99e34ff9182222022-01-05 10:05:21.710root 11241100x80000000000000006966701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484f31945fd182072022-01-05 10:05:21.710root 11241100x80000000000000006966702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c449b185bb512f52022-01-05 10:05:21.710root 11241100x80000000000000006966703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baaa2d36e10f0c02022-01-05 10:05:21.710root 11241100x80000000000000006966704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cce7eebb11dfde2022-01-05 10:05:21.710root 11241100x80000000000000006966705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1c5890f86e5d952022-01-05 10:05:21.710root 11241100x80000000000000006966706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c5254a2e9898de2022-01-05 10:05:21.710root 11241100x80000000000000006966707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7296909ffb64093d2022-01-05 10:05:21.710root 11241100x80000000000000006966708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6fafc8dc9b62622022-01-05 10:05:21.710root 11241100x80000000000000006966709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88cc1970d81bcf92022-01-05 10:05:21.710root 11241100x80000000000000006966710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dc35fcfb9318ca2022-01-05 10:05:21.711root 11241100x80000000000000006966711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e21de1c2ac920c02022-01-05 10:05:21.711root 11241100x80000000000000006966712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8834dd75e386fc2022-01-05 10:05:21.711root 11241100x80000000000000006966713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9647a5a14e6efba52022-01-05 10:05:21.711root 11241100x80000000000000006966714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6ffb8b331272952022-01-05 10:05:21.711root 11241100x80000000000000006966715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ea77c6e5acc9b42022-01-05 10:05:21.711root 11241100x80000000000000006966716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437527bec520fc382022-01-05 10:05:21.711root 11241100x80000000000000006966717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2d8fa5ba56c77c2022-01-05 10:05:21.711root 11241100x80000000000000006966718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f73cf81af7f0a422022-01-05 10:05:21.711root 11241100x80000000000000006966719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b24202788e01212022-01-05 10:05:21.711root 11241100x80000000000000006966720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a7d37c1a6fc9fb2022-01-05 10:05:21.711root 11241100x80000000000000006966721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477e12afeaea85592022-01-05 10:05:21.712root 11241100x80000000000000006966722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a6460aed84e3902022-01-05 10:05:21.712root 11241100x80000000000000006966723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ead52840843970a2022-01-05 10:05:21.712root 11241100x80000000000000006966724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:21.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ba4d99c8e7e24a2022-01-05 10:05:21.712root 354300x80000000000000006966725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.146{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41778-false10.0.1.12-8000- 11241100x80000000000000006966726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed3ade1b815d88a2022-01-05 10:05:22.147root 11241100x80000000000000006966727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9a3d08c898c7ef2022-01-05 10:05:22.147root 11241100x80000000000000006966728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89e175246f4c7b52022-01-05 10:05:22.147root 11241100x80000000000000006966729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca83501b3d6ac34b2022-01-05 10:05:22.147root 11241100x80000000000000006966730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a038df3b869e5d2022-01-05 10:05:22.147root 11241100x80000000000000006966731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75f62abcf2b52b82022-01-05 10:05:22.147root 11241100x80000000000000006966732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca79e642c6eac7a2022-01-05 10:05:22.147root 11241100x80000000000000006966733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.148{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070f22ca2c466c202022-01-05 10:05:22.148root 11241100x80000000000000006966734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.148{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f870711caf89be2022-01-05 10:05:22.148root 11241100x80000000000000006966735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.148{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d952d2eaf4edf702022-01-05 10:05:22.148root 11241100x80000000000000006966736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.148{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e45738a57abfe9b2022-01-05 10:05:22.148root 11241100x80000000000000006966737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.148{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61e408deff5eaf72022-01-05 10:05:22.148root 11241100x80000000000000006966738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.148{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a01fd3f88f3f9a22022-01-05 10:05:22.148root 11241100x80000000000000006966739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.148{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c960e274f0df232022-01-05 10:05:22.148root 11241100x80000000000000006966740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.149{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa398b30b07906c2022-01-05 10:05:22.149root 11241100x80000000000000006966741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.149{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfc2a7da9dfccdc2022-01-05 10:05:22.149root 11241100x80000000000000006966742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.149{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0906631d1a7a16a62022-01-05 10:05:22.149root 11241100x80000000000000006966743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.149{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46afcf435f6e2f92022-01-05 10:05:22.149root 11241100x80000000000000006966744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.149{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ce078ddb3fbdb82022-01-05 10:05:22.149root 11241100x80000000000000006966745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.149{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e618ed81c75bb12022-01-05 10:05:22.149root 11241100x80000000000000006966746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.149{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf353114308fb3ee2022-01-05 10:05:22.149root 11241100x80000000000000006966747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.149{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268e200573f655332022-01-05 10:05:22.149root 11241100x80000000000000006966748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.149{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bd1b8f6dedfbc52022-01-05 10:05:22.149root 11241100x80000000000000006966749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.150{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7170f8d4ffa1d8bd2022-01-05 10:05:22.150root 11241100x80000000000000006966750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.150{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221e2163de75d7712022-01-05 10:05:22.150root 11241100x80000000000000006966751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.150{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be23094805241db22022-01-05 10:05:22.150root 11241100x80000000000000006966752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.150{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b62bc61d9426df22022-01-05 10:05:22.150root 11241100x80000000000000006966753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.150{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676f9db0deba87992022-01-05 10:05:22.150root 11241100x80000000000000006966754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.150{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab22d6e5e8cd5c62022-01-05 10:05:22.150root 11241100x80000000000000006966755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.150{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1f0dc17d409c742022-01-05 10:05:22.150root 11241100x80000000000000006966756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.150{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5497962cb3725a2022-01-05 10:05:22.150root 11241100x80000000000000006966757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.150{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ced48c34ca65962022-01-05 10:05:22.150root 11241100x80000000000000006966758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.150{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2f38a7f3bb2d2e2022-01-05 10:05:22.150root 11241100x80000000000000006966759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.150{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338e98ec15a61d262022-01-05 10:05:22.150root 11241100x80000000000000006966760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.151{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64fe1ae1f3e52532022-01-05 10:05:22.151root 11241100x80000000000000006966761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.151{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae44f5f30b3bda42022-01-05 10:05:22.151root 11241100x80000000000000006966762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e4aa1f1ebff4ac2022-01-05 10:05:22.459root 11241100x80000000000000006966763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b19346c449e7d042022-01-05 10:05:22.459root 11241100x80000000000000006966764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514eb91a39e38b6c2022-01-05 10:05:22.459root 11241100x80000000000000006966765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3c3c34e76af1382022-01-05 10:05:22.459root 11241100x80000000000000006966766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d5a207611fc9a12022-01-05 10:05:22.459root 11241100x80000000000000006966767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badc0f70efb2e8602022-01-05 10:05:22.459root 11241100x80000000000000006966768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33922f6baa5874942022-01-05 10:05:22.460root 11241100x80000000000000006966769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87963d4ca62071c2022-01-05 10:05:22.460root 11241100x80000000000000006966770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4573fcee82841ee62022-01-05 10:05:22.460root 11241100x80000000000000006966771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697770ab048ff9b02022-01-05 10:05:22.460root 11241100x80000000000000006966772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40da56a9913862e2022-01-05 10:05:22.460root 11241100x80000000000000006966773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247a2f6131c077f52022-01-05 10:05:22.460root 11241100x80000000000000006966774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62376fff1da3cf4c2022-01-05 10:05:22.460root 11241100x80000000000000006966775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc736047a3df8a52022-01-05 10:05:22.460root 11241100x80000000000000006966776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e46cb6742dc0752022-01-05 10:05:22.460root 11241100x80000000000000006966777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540426f76c62882d2022-01-05 10:05:22.460root 11241100x80000000000000006966778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d623f019ea9c4392022-01-05 10:05:22.460root 11241100x80000000000000006966779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6903163008e5bdd2022-01-05 10:05:22.461root 11241100x80000000000000006966780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3515cd592a8efa62022-01-05 10:05:22.461root 11241100x80000000000000006966781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda2ff5ae1f867832022-01-05 10:05:22.461root 11241100x80000000000000006966782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1cc6e1cc3e40122022-01-05 10:05:22.461root 11241100x80000000000000006966783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c954b8ba29be2132022-01-05 10:05:22.461root 11241100x80000000000000006966784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fdaac6f2905b852022-01-05 10:05:22.461root 11241100x80000000000000006966785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6000559a383844b32022-01-05 10:05:22.461root 11241100x80000000000000006966786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337bb16742ef13362022-01-05 10:05:22.461root 11241100x80000000000000006966787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8926002c098c05082022-01-05 10:05:22.462root 11241100x80000000000000006966788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3344c612a5bfc9742022-01-05 10:05:22.462root 534500x80000000000000006966789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.531{ec2e79f3-af45-61d2-c81a-c448f1550000}466/lib/systemd/systemd-journaldroot 11241100x80000000000000006966790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661bde94bb8ec8872022-01-05 10:05:22.960root 11241100x80000000000000006966791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830a0a2c8a47b4d82022-01-05 10:05:22.960root 11241100x80000000000000006966792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a835d26527a7cfd2022-01-05 10:05:22.960root 11241100x80000000000000006966793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d679172a5eea552022-01-05 10:05:22.961root 11241100x80000000000000006966794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a09d55027a49bae2022-01-05 10:05:22.961root 11241100x80000000000000006966795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9374d1d32de393872022-01-05 10:05:22.961root 11241100x80000000000000006966796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae66397b9ed3af12022-01-05 10:05:22.961root 11241100x80000000000000006966797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f4a2f8dcf5a3412022-01-05 10:05:22.961root 11241100x80000000000000006966798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7b10798bf844ac2022-01-05 10:05:22.961root 11241100x80000000000000006966799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ba0e45fcb3d1ae2022-01-05 10:05:22.961root 11241100x80000000000000006966800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60c41e48a6832b62022-01-05 10:05:22.961root 11241100x80000000000000006966801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025d56bfc41dcdb42022-01-05 10:05:22.961root 11241100x80000000000000006966802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7621556aaf3801ba2022-01-05 10:05:22.961root 11241100x80000000000000006966803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ee1d8470a1569a2022-01-05 10:05:22.961root 11241100x80000000000000006966804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a12395c459bb542022-01-05 10:05:22.961root 11241100x80000000000000006966805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057073a814deb6d52022-01-05 10:05:22.961root 11241100x80000000000000006966806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e729c43b975ac6862022-01-05 10:05:22.962root 11241100x80000000000000006966807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b60b5010949e652022-01-05 10:05:22.962root 11241100x80000000000000006966808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e0b4309209d09c2022-01-05 10:05:22.962root 11241100x80000000000000006966809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7fd71000b734dd2022-01-05 10:05:22.962root 11241100x80000000000000006966810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64995eda9863820a2022-01-05 10:05:22.962root 11241100x80000000000000006966811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674b5e4e200409262022-01-05 10:05:22.962root 11241100x80000000000000006966812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42e349ca6cc676e2022-01-05 10:05:22.962root 11241100x80000000000000006966813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e94645e2afeb7bc2022-01-05 10:05:22.962root 11241100x80000000000000006966814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0853997d0c77d502022-01-05 10:05:22.962root 11241100x80000000000000006966815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d100b2e0fedd66f2022-01-05 10:05:22.962root 11241100x80000000000000006966816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba3e966f1ec201e2022-01-05 10:05:22.962root 11241100x80000000000000006966817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9652f3d410c290a62022-01-05 10:05:22.963root 11241100x80000000000000006966818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fdaf5b5931b49d2022-01-05 10:05:23.459root 11241100x80000000000000006966819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca798af1f7ffb842022-01-05 10:05:23.460root 11241100x80000000000000006966820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f6d45ef359e0a12022-01-05 10:05:23.460root 11241100x80000000000000006966821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dae431821a5ec62022-01-05 10:05:23.460root 11241100x80000000000000006966822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640a12e9cf2224e62022-01-05 10:05:23.460root 11241100x80000000000000006966823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8e9f5fdc8233c42022-01-05 10:05:23.460root 11241100x80000000000000006966824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c038efa7a490bf2022-01-05 10:05:23.460root 11241100x80000000000000006966825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b000c7be7831c2c2022-01-05 10:05:23.461root 11241100x80000000000000006966826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e1d599f2d82aea2022-01-05 10:05:23.461root 11241100x80000000000000006966827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da894b04a60c32992022-01-05 10:05:23.461root 11241100x80000000000000006966828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680d4dfc886512dc2022-01-05 10:05:23.461root 11241100x80000000000000006966829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e711a16db7800672022-01-05 10:05:23.461root 11241100x80000000000000006966830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43bb1d35c62a2362022-01-05 10:05:23.462root 11241100x80000000000000006966831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17f675e543447ff2022-01-05 10:05:23.462root 11241100x80000000000000006966832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8271c7fcfd1bb6b92022-01-05 10:05:23.462root 11241100x80000000000000006966833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a451221a6b2f872022-01-05 10:05:23.462root 11241100x80000000000000006966834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d395f031bf5add02022-01-05 10:05:23.462root 11241100x80000000000000006966835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f517dda05452d4a2022-01-05 10:05:23.462root 11241100x80000000000000006966836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b4b34a666bd7ea2022-01-05 10:05:23.462root 11241100x80000000000000006966837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36132e4f8f7ff43a2022-01-05 10:05:23.462root 11241100x80000000000000006966838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c76ee138d961312022-01-05 10:05:23.462root 11241100x80000000000000006966839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9bf6a179ac96032022-01-05 10:05:23.462root 11241100x80000000000000006966840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baefb255dab4ffca2022-01-05 10:05:23.462root 11241100x80000000000000006966841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3361d0b5e3f1dc2022-01-05 10:05:23.463root 11241100x80000000000000006966842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8febc8438c80d7142022-01-05 10:05:23.463root 11241100x80000000000000006966843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052a6d78eeafa8fc2022-01-05 10:05:23.463root 11241100x80000000000000006966844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c760450301a1bb72022-01-05 10:05:23.463root 11241100x80000000000000006966845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a568ad3c30a02bb2022-01-05 10:05:23.463root 11241100x80000000000000006966846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf55f4f534c44742022-01-05 10:05:23.463root 11241100x80000000000000006966847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ff8ba113a9c2762022-01-05 10:05:23.959root 11241100x80000000000000006966848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8210aa82a61069f82022-01-05 10:05:23.960root 11241100x80000000000000006966849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722f4b91690a79672022-01-05 10:05:23.960root 11241100x80000000000000006966850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3b0c8a62feb9622022-01-05 10:05:23.960root 11241100x80000000000000006966851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ac7edaf13de5592022-01-05 10:05:23.960root 11241100x80000000000000006966852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518fa01132c128c42022-01-05 10:05:23.960root 11241100x80000000000000006966853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f753ea2e76ab3cc2022-01-05 10:05:23.961root 11241100x80000000000000006966854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f71a945a8283fc2022-01-05 10:05:23.961root 11241100x80000000000000006966855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1feedd0e639e40bc2022-01-05 10:05:23.961root 11241100x80000000000000006966856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80917a209dd38f0c2022-01-05 10:05:23.961root 11241100x80000000000000006966857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74c8963c55fa5c82022-01-05 10:05:23.961root 11241100x80000000000000006966858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71868570ac5aee912022-01-05 10:05:23.961root 11241100x80000000000000006966859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654d67239c2e8e572022-01-05 10:05:23.961root 11241100x80000000000000006966860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815af6ab11a3b3052022-01-05 10:05:23.961root 11241100x80000000000000006966861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b30a0527f8350fe2022-01-05 10:05:23.961root 11241100x80000000000000006966862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb737a4f315b74892022-01-05 10:05:23.961root 11241100x80000000000000006966863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93969f1a51cdaa7b2022-01-05 10:05:23.961root 11241100x80000000000000006966864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692890960b61ddf62022-01-05 10:05:23.962root 11241100x80000000000000006966865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d812392660f852cd2022-01-05 10:05:23.962root 11241100x80000000000000006966866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae8260c6615e10b2022-01-05 10:05:23.962root 11241100x80000000000000006966867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3208ec868714a4512022-01-05 10:05:23.962root 11241100x80000000000000006966868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af8b4e9756dd9922022-01-05 10:05:23.962root 11241100x80000000000000006966869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea9591a15dee9462022-01-05 10:05:23.962root 11241100x80000000000000006966870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079f27ddd1a34a202022-01-05 10:05:23.962root 11241100x80000000000000006966871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5167b7ee4d9cc792022-01-05 10:05:23.962root 11241100x80000000000000006966872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff29e9629b031452022-01-05 10:05:23.962root 11241100x80000000000000006966873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a168edbcefb6142022-01-05 10:05:23.962root 11241100x80000000000000006966874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56946263b0b51c62022-01-05 10:05:23.963root 11241100x80000000000000006966875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2710538dd116d3702022-01-05 10:05:23.963root 11241100x80000000000000006966876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:23.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89566430e200fb572022-01-05 10:05:23.963root 11241100x80000000000000006966877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7903ef3cb76c22bf2022-01-05 10:05:24.459root 11241100x80000000000000006966878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcaa6420c9ceaaf2022-01-05 10:05:24.459root 11241100x80000000000000006966879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3d2d1d17126e3b2022-01-05 10:05:24.459root 11241100x80000000000000006966880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7286c881ed29c4482022-01-05 10:05:24.459root 11241100x80000000000000006966881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3b0bb8734e04952022-01-05 10:05:24.459root 11241100x80000000000000006966882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db724dd6b8c775a2022-01-05 10:05:24.460root 11241100x80000000000000006966883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865b1dc024ec6fec2022-01-05 10:05:24.460root 11241100x80000000000000006966884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1def6080ac12a5ac2022-01-05 10:05:24.460root 11241100x80000000000000006966885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ea2489e794e4962022-01-05 10:05:24.460root 11241100x80000000000000006966886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24479769e78352812022-01-05 10:05:24.460root 11241100x80000000000000006966887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6a41e9753aa06e2022-01-05 10:05:24.460root 11241100x80000000000000006966888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80872dd1c12a2f302022-01-05 10:05:24.460root 11241100x80000000000000006966889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1653580fccafa63b2022-01-05 10:05:24.460root 11241100x80000000000000006966890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76aef6c039898a762022-01-05 10:05:24.460root 11241100x80000000000000006966891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b968a3443750692022-01-05 10:05:24.460root 11241100x80000000000000006966892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df69d2e24a6894e02022-01-05 10:05:24.461root 11241100x80000000000000006966893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fea3cb137911052022-01-05 10:05:24.461root 11241100x80000000000000006966894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d2060ee509cdf62022-01-05 10:05:24.461root 11241100x80000000000000006966895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe22715b5bb4b0b2022-01-05 10:05:24.461root 11241100x80000000000000006966896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f649371bcd4c672022-01-05 10:05:24.461root 11241100x80000000000000006966897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e0c03b311ffb342022-01-05 10:05:24.461root 11241100x80000000000000006966898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61efa48947112e992022-01-05 10:05:24.461root 11241100x80000000000000006966899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37409085d1a4f50e2022-01-05 10:05:24.462root 11241100x80000000000000006966900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee32a15ec30b254e2022-01-05 10:05:24.462root 11241100x80000000000000006966901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c37ae25e1086752022-01-05 10:05:24.462root 11241100x80000000000000006966902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fa46a9870142212022-01-05 10:05:24.462root 11241100x80000000000000006966903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4265afebf93acf2022-01-05 10:05:24.462root 11241100x80000000000000006966904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da7f033c7d31a212022-01-05 10:05:24.462root 11241100x80000000000000006966905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e29c244195ad09f2022-01-05 10:05:24.462root 11241100x80000000000000006966906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080e6bb6fa80addf2022-01-05 10:05:24.462root 11241100x80000000000000006966907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e6fc650ebbecfc2022-01-05 10:05:24.959root 11241100x80000000000000006966908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5017ad9f1a3bc892022-01-05 10:05:24.959root 11241100x80000000000000006966909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a77a310f07958772022-01-05 10:05:24.959root 11241100x80000000000000006966910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e939c7dfe69258182022-01-05 10:05:24.959root 11241100x80000000000000006966911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f314e9054176a9a2022-01-05 10:05:24.960root 11241100x80000000000000006966912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18874a44173f8f852022-01-05 10:05:24.960root 11241100x80000000000000006966913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15feab2cb2ae4dfe2022-01-05 10:05:24.960root 11241100x80000000000000006966914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc075fd91d12145c2022-01-05 10:05:24.960root 11241100x80000000000000006966915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6402948f5afab29e2022-01-05 10:05:24.960root 11241100x80000000000000006966916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27441ee0b19b613c2022-01-05 10:05:24.960root 11241100x80000000000000006966917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f88f52370781b282022-01-05 10:05:24.960root 11241100x80000000000000006966918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2a56e326bff5742022-01-05 10:05:24.960root 11241100x80000000000000006966919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ee2b35b57082bf2022-01-05 10:05:24.960root 11241100x80000000000000006966920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296d82d2e3415f752022-01-05 10:05:24.961root 11241100x80000000000000006966921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65d35272b26a9112022-01-05 10:05:24.961root 11241100x80000000000000006966922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95114f2d59117072022-01-05 10:05:24.961root 11241100x80000000000000006966923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d99f07f859712c72022-01-05 10:05:24.961root 11241100x80000000000000006966924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145db754c693f2972022-01-05 10:05:24.961root 11241100x80000000000000006966925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1986069912bd11842022-01-05 10:05:24.961root 11241100x80000000000000006966926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114b157c32a884002022-01-05 10:05:24.961root 11241100x80000000000000006966927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2adc6c867aef3a2022-01-05 10:05:24.961root 11241100x80000000000000006966928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259ae899d05f2dda2022-01-05 10:05:24.961root 11241100x80000000000000006966929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d3a84e49544d662022-01-05 10:05:24.962root 11241100x80000000000000006966930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfeae8136826e6ae2022-01-05 10:05:24.962root 11241100x80000000000000006966931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7c026491831c422022-01-05 10:05:24.962root 11241100x80000000000000006966932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cbd5b9538243a02022-01-05 10:05:24.962root 11241100x80000000000000006966933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83afaa39b50ec2132022-01-05 10:05:24.962root 11241100x80000000000000006966934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7ff1a75633f0af2022-01-05 10:05:24.962root 11241100x80000000000000006966935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756b729f0bef84be2022-01-05 10:05:24.962root 11241100x80000000000000006966936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cd106d2ba52d562022-01-05 10:05:24.962root 11241100x80000000000000006966937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb0b95dbc456dbe2022-01-05 10:05:25.460root 11241100x80000000000000006966938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ebd9af62d1aaaf2022-01-05 10:05:25.460root 11241100x80000000000000006966939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a34cbb767c1184e2022-01-05 10:05:25.460root 11241100x80000000000000006966940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3585c57cc5481f782022-01-05 10:05:25.460root 11241100x80000000000000006966941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a8978ccb6f50902022-01-05 10:05:25.460root 11241100x80000000000000006966942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a190b35654b1012022-01-05 10:05:25.461root 11241100x80000000000000006966943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eebe2d5a35789742022-01-05 10:05:25.461root 11241100x80000000000000006966944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37241d8ce1eb3b872022-01-05 10:05:25.461root 11241100x80000000000000006966945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5dc85cf3c55e272022-01-05 10:05:25.461root 11241100x80000000000000006966946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8285cd8dfacf26d2022-01-05 10:05:25.461root 11241100x80000000000000006966947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759b6116eeeb9b732022-01-05 10:05:25.461root 11241100x80000000000000006966948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc5b1aa7456756d2022-01-05 10:05:25.461root 11241100x80000000000000006966949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe27b9fac8279582022-01-05 10:05:25.461root 11241100x80000000000000006966950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce40dc69bdfd28e2022-01-05 10:05:25.461root 11241100x80000000000000006966951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6322989925282bff2022-01-05 10:05:25.461root 11241100x80000000000000006966952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dee7e4ad93b5cfe2022-01-05 10:05:25.461root 11241100x80000000000000006966953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f144db642d4dde2022-01-05 10:05:25.461root 11241100x80000000000000006966954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7a5265af8f103f2022-01-05 10:05:25.461root 11241100x80000000000000006966955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b87540258d60432022-01-05 10:05:25.461root 11241100x80000000000000006966956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9a9d00db85fc082022-01-05 10:05:25.462root 11241100x80000000000000006966957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7dc081299e6cd8a2022-01-05 10:05:25.462root 11241100x80000000000000006966958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b1a1cd912f7de32022-01-05 10:05:25.462root 11241100x80000000000000006966959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9423977e03a1c0302022-01-05 10:05:25.462root 11241100x80000000000000006966960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb605c856ee071df2022-01-05 10:05:25.462root 11241100x80000000000000006966961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb6bd1f6f23d13e2022-01-05 10:05:25.462root 11241100x80000000000000006966962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39d07a01c4dfa6f2022-01-05 10:05:25.462root 11241100x80000000000000006966963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f2bf230f09167b2022-01-05 10:05:25.462root 11241100x80000000000000006966964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0912aa0084b93292022-01-05 10:05:25.462root 11241100x80000000000000006966965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad9940843f8a91f2022-01-05 10:05:25.960root 11241100x80000000000000006966966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c907327b7814c262022-01-05 10:05:25.960root 11241100x80000000000000006966967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c8530aa7a91d182022-01-05 10:05:25.960root 11241100x80000000000000006966968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb924fc3514e68d2022-01-05 10:05:25.961root 11241100x80000000000000006966969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afd870811e593762022-01-05 10:05:25.961root 11241100x80000000000000006966970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881d9964473efb482022-01-05 10:05:25.961root 11241100x80000000000000006966971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693058cb4c6e3a1e2022-01-05 10:05:25.961root 11241100x80000000000000006966972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cecf8b097ecca852022-01-05 10:05:25.961root 11241100x80000000000000006966973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c07dba1f10993b22022-01-05 10:05:25.961root 11241100x80000000000000006966974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430e883f01fba5e62022-01-05 10:05:25.961root 11241100x80000000000000006966975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e19d4e47feb5412022-01-05 10:05:25.961root 11241100x80000000000000006966976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b788df266be9b8d2022-01-05 10:05:25.961root 11241100x80000000000000006966977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb673c4b275e1502022-01-05 10:05:25.961root 11241100x80000000000000006966978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77eb19ab557507302022-01-05 10:05:25.962root 11241100x80000000000000006966979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21eb5337206aab102022-01-05 10:05:25.962root 11241100x80000000000000006966980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c249d48a4b81672022-01-05 10:05:25.962root 11241100x80000000000000006966981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cdc68fdc8ec7a92022-01-05 10:05:25.962root 11241100x80000000000000006966982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431d3024a7eb60c62022-01-05 10:05:25.962root 11241100x80000000000000006966983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3b11c8adf30c152022-01-05 10:05:25.962root 11241100x80000000000000006966984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0922c166e2f614b32022-01-05 10:05:25.962root 11241100x80000000000000006966985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967540008ecf55c02022-01-05 10:05:25.962root 11241100x80000000000000006966986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ffa0df108649cd2022-01-05 10:05:25.962root 11241100x80000000000000006966987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418cce238544cfa02022-01-05 10:05:25.962root 11241100x80000000000000006966988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c823611c60db3a92022-01-05 10:05:25.962root 11241100x80000000000000006966989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9ca5c3ee098ee02022-01-05 10:05:25.963root 11241100x80000000000000006966990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c056da484ae87c92022-01-05 10:05:25.963root 11241100x80000000000000006966991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c21d755dc7b041d2022-01-05 10:05:25.963root 11241100x80000000000000006966992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cc04e0098dbf1b2022-01-05 10:05:25.963root 11241100x80000000000000006966993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc561cf6f4bfe1a2022-01-05 10:05:26.460root 11241100x80000000000000006966994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7485ed3f8a0e9a822022-01-05 10:05:26.460root 11241100x80000000000000006966995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6cf758e43e1db52022-01-05 10:05:26.460root 11241100x80000000000000006966996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84a5c5160c1d8202022-01-05 10:05:26.460root 11241100x80000000000000006966997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c371daf6a269722f2022-01-05 10:05:26.461root 11241100x80000000000000006966998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dafe7bf6a5037f2022-01-05 10:05:26.461root 11241100x80000000000000006966999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294acf34113de7882022-01-05 10:05:26.461root 11241100x80000000000000006967000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f782034d8005e2622022-01-05 10:05:26.461root 11241100x80000000000000006967001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a570fc188bd4fe2022-01-05 10:05:26.461root 11241100x80000000000000006967002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e22bd01d02344c2022-01-05 10:05:26.461root 11241100x80000000000000006967003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7370ed12748afc172022-01-05 10:05:26.461root 11241100x80000000000000006967004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa817147738f5e22022-01-05 10:05:26.461root 11241100x80000000000000006967005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b5efd77658d5a52022-01-05 10:05:26.461root 11241100x80000000000000006967006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bac39f8bf102ac2022-01-05 10:05:26.461root 11241100x80000000000000006967007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2a66cb220ed3ab2022-01-05 10:05:26.462root 11241100x80000000000000006967008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a18d5ad77794cd2022-01-05 10:05:26.462root 11241100x80000000000000006967009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80283ecf6bbf9f952022-01-05 10:05:26.462root 11241100x80000000000000006967010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f91ef1f71ce7c2d2022-01-05 10:05:26.462root 11241100x80000000000000006967011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ebfcbef065b9782022-01-05 10:05:26.462root 11241100x80000000000000006967012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275a30cc00b033f82022-01-05 10:05:26.462root 11241100x80000000000000006967013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf67702649834c82022-01-05 10:05:26.462root 11241100x80000000000000006967014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cc2b6c5a4d59662022-01-05 10:05:26.462root 11241100x80000000000000006967015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82a76af6b9d4ade2022-01-05 10:05:26.462root 11241100x80000000000000006967016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f220e56483a3e22022-01-05 10:05:26.462root 11241100x80000000000000006967017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f3650b6b6a8f712022-01-05 10:05:26.462root 11241100x80000000000000006967018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e4b5c1bf6a11122022-01-05 10:05:26.462root 11241100x80000000000000006967019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ede7235ac9646d72022-01-05 10:05:26.463root 11241100x80000000000000006967020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9be1b7f38e528c92022-01-05 10:05:26.463root 11241100x80000000000000006967021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9556c74093eaa4c2022-01-05 10:05:26.959root 11241100x80000000000000006967022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b861c6f8820b4482022-01-05 10:05:26.959root 11241100x80000000000000006967023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a159fa633b0a5e2022-01-05 10:05:26.959root 11241100x80000000000000006967024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5336b8bfc9186d492022-01-05 10:05:26.959root 11241100x80000000000000006967025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a360e709d1ee982022-01-05 10:05:26.959root 11241100x80000000000000006967026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcbac37d84f652f2022-01-05 10:05:26.960root 11241100x80000000000000006967027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9bcf96fa951bca2022-01-05 10:05:26.960root 11241100x80000000000000006967028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250315e3fb9829a42022-01-05 10:05:26.960root 11241100x80000000000000006967029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a28df733723d522022-01-05 10:05:26.960root 11241100x80000000000000006967030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc6bf51c51cd30d2022-01-05 10:05:26.960root 11241100x80000000000000006967031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7170ccc4b3c51ab2022-01-05 10:05:26.960root 11241100x80000000000000006967032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9b1b61b19307712022-01-05 10:05:26.960root 11241100x80000000000000006967033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db88733de98cf7c52022-01-05 10:05:26.960root 11241100x80000000000000006967034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b8d64d27ce80072022-01-05 10:05:26.961root 11241100x80000000000000006967035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8248f32bcc39962c2022-01-05 10:05:26.961root 11241100x80000000000000006967036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a9bcb5add60f7a2022-01-05 10:05:26.961root 11241100x80000000000000006967037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd138eff98e3fc52022-01-05 10:05:26.962root 11241100x80000000000000006967038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3005b97b43802c2022-01-05 10:05:26.962root 11241100x80000000000000006967039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a290ea400e65642022-01-05 10:05:26.962root 11241100x80000000000000006967040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f495fe9a10a1462022-01-05 10:05:26.962root 11241100x80000000000000006967041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d53660262c13b52022-01-05 10:05:26.962root 11241100x80000000000000006967042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edaddc7882cad9b2022-01-05 10:05:26.962root 11241100x80000000000000006967043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b28a758eb172e462022-01-05 10:05:26.962root 11241100x80000000000000006967044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2200b3297b77a65d2022-01-05 10:05:26.963root 11241100x80000000000000006967045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b6c39aff6230552022-01-05 10:05:26.963root 11241100x80000000000000006967046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cd32027adec2f32022-01-05 10:05:26.963root 11241100x80000000000000006967047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eecc161cd5fff982022-01-05 10:05:26.963root 11241100x80000000000000006967048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f2797dc164fbf92022-01-05 10:05:26.963root 11241100x80000000000000006967049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686a045e0d080f9b2022-01-05 10:05:26.963root 11241100x80000000000000006967050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b9a2bcc9c6c63f2022-01-05 10:05:26.963root 11241100x80000000000000006967051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41efbf116c2a51b52022-01-05 10:05:27.459root 11241100x80000000000000006967052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4b790ec7ee19562022-01-05 10:05:27.459root 11241100x80000000000000006967053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfe0c97c3e1417c2022-01-05 10:05:27.460root 11241100x80000000000000006967054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa8429fb95bfb1c2022-01-05 10:05:27.460root 11241100x80000000000000006967055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f297bcd4105f776f2022-01-05 10:05:27.460root 11241100x80000000000000006967056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35816217601b57a12022-01-05 10:05:27.460root 11241100x80000000000000006967057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c94bcdf5cf04e72022-01-05 10:05:27.460root 11241100x80000000000000006967058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0824276d8651f7982022-01-05 10:05:27.460root 11241100x80000000000000006967059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc722e8cda7977f2022-01-05 10:05:27.461root 11241100x80000000000000006967060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4062d300b1b15b2022-01-05 10:05:27.461root 11241100x80000000000000006967061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e0aa0fdbe539b52022-01-05 10:05:27.461root 11241100x80000000000000006967062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b73a6980ab9a7e2022-01-05 10:05:27.461root 11241100x80000000000000006967063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f231f3449947aee2022-01-05 10:05:27.461root 11241100x80000000000000006967064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933c453405fce9712022-01-05 10:05:27.461root 11241100x80000000000000006967065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f417e05f8f215c62022-01-05 10:05:27.462root 11241100x80000000000000006967066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839a2e621bd815152022-01-05 10:05:27.462root 11241100x80000000000000006967067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f156869e21a817ab2022-01-05 10:05:27.462root 11241100x80000000000000006967068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9199e01852d2505b2022-01-05 10:05:27.462root 11241100x80000000000000006967069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c103b6e43cfdb82022-01-05 10:05:27.462root 11241100x80000000000000006967070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84a66568f33d1172022-01-05 10:05:27.462root 11241100x80000000000000006967071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f432b0cff9d72f82022-01-05 10:05:27.463root 11241100x80000000000000006967072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d8572e41e6f9bf2022-01-05 10:05:27.463root 11241100x80000000000000006967073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e77e1a48bc684832022-01-05 10:05:27.463root 11241100x80000000000000006967074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84431fa65c27ec4b2022-01-05 10:05:27.463root 11241100x80000000000000006967075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a5e087b8bbd0082022-01-05 10:05:27.464root 11241100x80000000000000006967076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f999b584f64603182022-01-05 10:05:27.464root 11241100x80000000000000006967077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8a4bceb5359e612022-01-05 10:05:27.464root 11241100x80000000000000006967078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201678c8df3ceb002022-01-05 10:05:27.465root 11241100x80000000000000006967079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686d1dfb21aecf7f2022-01-05 10:05:27.465root 11241100x80000000000000006967080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c791a533e0d180752022-01-05 10:05:27.465root 11241100x80000000000000006967081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae96deee5cfc4ca92022-01-05 10:05:27.465root 11241100x80000000000000006967082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c43ad3112440e372022-01-05 10:05:27.959root 11241100x80000000000000006967083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddfd205a54b26a32022-01-05 10:05:27.960root 11241100x80000000000000006967084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cbadfe31511ee82022-01-05 10:05:27.960root 11241100x80000000000000006967085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009004d061c1d29a2022-01-05 10:05:27.960root 11241100x80000000000000006967086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941995f7ff62e1e72022-01-05 10:05:27.960root 11241100x80000000000000006967087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae942c8216e2ea12022-01-05 10:05:27.960root 11241100x80000000000000006967088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d718124789a5fff2022-01-05 10:05:27.961root 11241100x80000000000000006967089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17438371ca82a6e2022-01-05 10:05:27.961root 11241100x80000000000000006967090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1270ea592a7e94692022-01-05 10:05:27.961root 11241100x80000000000000006967091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93147dd7078d216e2022-01-05 10:05:27.961root 11241100x80000000000000006967092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0decafed88fa9cdd2022-01-05 10:05:27.961root 11241100x80000000000000006967093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73666071616a7422022-01-05 10:05:27.961root 11241100x80000000000000006967094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856bf5143cac55892022-01-05 10:05:27.961root 11241100x80000000000000006967095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ccd1c553c5c5242022-01-05 10:05:27.961root 11241100x80000000000000006967096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285230889d7cb6442022-01-05 10:05:27.962root 11241100x80000000000000006967097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72666b1c5c0ebf22022-01-05 10:05:27.962root 11241100x80000000000000006967098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73a31a65c06ea772022-01-05 10:05:27.962root 11241100x80000000000000006967099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510ea611a54d66fb2022-01-05 10:05:27.962root 11241100x80000000000000006967100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a621b879827e393c2022-01-05 10:05:27.963root 11241100x80000000000000006967101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780d146e98ff74a72022-01-05 10:05:27.963root 11241100x80000000000000006967102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2831ce0d31a5d72022-01-05 10:05:27.963root 11241100x80000000000000006967103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a04845cc9e26a592022-01-05 10:05:27.963root 11241100x80000000000000006967104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246ed8bbc0613a5a2022-01-05 10:05:27.963root 11241100x80000000000000006967105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf5c2c91280f82d2022-01-05 10:05:27.964root 11241100x80000000000000006967106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4859548d8a90582022-01-05 10:05:27.965root 11241100x80000000000000006967107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb648222a37b572a2022-01-05 10:05:27.965root 11241100x80000000000000006967108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660eeae8256e48ae2022-01-05 10:05:27.965root 11241100x80000000000000006967109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cea05feda6393b12022-01-05 10:05:27.967root 11241100x80000000000000006967110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:27.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e406e37744e48a2022-01-05 10:05:27.967root 354300x80000000000000006967111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.106{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41780-false10.0.1.12-8000- 11241100x80000000000000006967112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6aea18105e897182022-01-05 10:05:28.460root 11241100x80000000000000006967113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fc39bc9c618f8c2022-01-05 10:05:28.460root 11241100x80000000000000006967114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ddd753d931c0da2022-01-05 10:05:28.460root 11241100x80000000000000006967115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7c37cd32b03b002022-01-05 10:05:28.460root 11241100x80000000000000006967116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418c030a8de938012022-01-05 10:05:28.460root 11241100x80000000000000006967117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2500d96078b5cb392022-01-05 10:05:28.460root 11241100x80000000000000006967118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af64ef5a42ae15472022-01-05 10:05:28.461root 11241100x80000000000000006967119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7513a0fb2a0d7e922022-01-05 10:05:28.461root 11241100x80000000000000006967120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59614814cf852ced2022-01-05 10:05:28.461root 11241100x80000000000000006967121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c61dd8fdae00d12022-01-05 10:05:28.461root 11241100x80000000000000006967122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dd58e810a91c762022-01-05 10:05:28.461root 11241100x80000000000000006967123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2525523984e8b78f2022-01-05 10:05:28.461root 11241100x80000000000000006967124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5314aa2e55d3df602022-01-05 10:05:28.461root 11241100x80000000000000006967125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b79622b9260347c2022-01-05 10:05:28.462root 11241100x80000000000000006967126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf280fc0faaf76422022-01-05 10:05:28.462root 11241100x80000000000000006967127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7c3bd7a2cbc0d22022-01-05 10:05:28.462root 11241100x80000000000000006967128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b1be21ab194f0d2022-01-05 10:05:28.462root 11241100x80000000000000006967129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a38cf923ffec1d2022-01-05 10:05:28.462root 11241100x80000000000000006967130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b25af8a289905012022-01-05 10:05:28.462root 11241100x80000000000000006967131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab4bb8586c167e52022-01-05 10:05:28.462root 11241100x80000000000000006967132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa001dd74684373e2022-01-05 10:05:28.462root 11241100x80000000000000006967133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f923e23e1b592bf2022-01-05 10:05:28.463root 11241100x80000000000000006967134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5f85849d14b01f2022-01-05 10:05:28.463root 11241100x80000000000000006967135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0d78325a97de362022-01-05 10:05:28.463root 11241100x80000000000000006967136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd191676e56e5102022-01-05 10:05:28.463root 11241100x80000000000000006967137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7e9b5653ee466f2022-01-05 10:05:28.463root 11241100x80000000000000006967138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928c4015c77a9b0a2022-01-05 10:05:28.463root 11241100x80000000000000006967139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1d7d86d190fc4d2022-01-05 10:05:28.464root 11241100x80000000000000006967140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4430dcd132b97ae2022-01-05 10:05:28.464root 11241100x80000000000000006967141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da32501492bd0fd2022-01-05 10:05:28.960root 11241100x80000000000000006967142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4537d599a6f1e1b22022-01-05 10:05:28.960root 11241100x80000000000000006967143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7757a8c55239142022-01-05 10:05:28.960root 11241100x80000000000000006967144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e68fd5133db47c2022-01-05 10:05:28.960root 11241100x80000000000000006967145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb578cd0086371e2022-01-05 10:05:28.960root 11241100x80000000000000006967146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ea1a81455a55022022-01-05 10:05:28.960root 11241100x80000000000000006967147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217f1b7ddbe29ba32022-01-05 10:05:28.960root 11241100x80000000000000006967148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453fd052da13c2262022-01-05 10:05:28.960root 11241100x80000000000000006967149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e379c7f4354f492022-01-05 10:05:28.960root 11241100x80000000000000006967150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f032c777060a95d2022-01-05 10:05:28.961root 11241100x80000000000000006967151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1230181981e64db62022-01-05 10:05:28.961root 11241100x80000000000000006967152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ea797d722949292022-01-05 10:05:28.961root 11241100x80000000000000006967153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d3fe565b0ce6882022-01-05 10:05:28.961root 11241100x80000000000000006967154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a764687cdaa37e2022-01-05 10:05:28.961root 11241100x80000000000000006967155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d8c2fdf2a8d6a72022-01-05 10:05:28.961root 11241100x80000000000000006967156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1bab879889650a2022-01-05 10:05:28.961root 11241100x80000000000000006967157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd90fa06b0f71222022-01-05 10:05:28.961root 11241100x80000000000000006967158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca96da57411019de2022-01-05 10:05:28.961root 11241100x80000000000000006967159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38b59bf5ef2e29c2022-01-05 10:05:28.961root 11241100x80000000000000006967160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7b77cc57df6fae2022-01-05 10:05:28.961root 11241100x80000000000000006967161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227ae203d7c4892e2022-01-05 10:05:28.962root 11241100x80000000000000006967162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b40cfa2edfdee72022-01-05 10:05:28.962root 11241100x80000000000000006967163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836bdb8bfcdaf10e2022-01-05 10:05:28.962root 11241100x80000000000000006967164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46206476b42911f92022-01-05 10:05:28.962root 11241100x80000000000000006967165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62f0d2b547ee8122022-01-05 10:05:28.962root 11241100x80000000000000006967166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4244aa60538fbfbf2022-01-05 10:05:28.963root 11241100x80000000000000006967167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a38c6926d68cfcb2022-01-05 10:05:28.963root 11241100x80000000000000006967168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4536d664e97f7dd92022-01-05 10:05:28.964root 11241100x80000000000000006967169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a5c99a675873a42022-01-05 10:05:28.964root 11241100x80000000000000006967170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:28.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1f6aa45fe7e1be2022-01-05 10:05:28.964root 11241100x80000000000000006967171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.220{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 10:05:29.220root 11241100x80000000000000006967172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e3660356a049d52022-01-05 10:05:29.221root 11241100x80000000000000006967173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b67ea91cd516652022-01-05 10:05:29.221root 11241100x80000000000000006967174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c3d98e74bb59872022-01-05 10:05:29.221root 11241100x80000000000000006967175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0350d80676fb99e12022-01-05 10:05:29.222root 11241100x80000000000000006967176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ada49a0c4f42cb2022-01-05 10:05:29.222root 11241100x80000000000000006967177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155a86b798b088c52022-01-05 10:05:29.222root 11241100x80000000000000006967178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d1071e5e037fac2022-01-05 10:05:29.223root 11241100x80000000000000006967179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15896002075db51a2022-01-05 10:05:29.223root 11241100x80000000000000006967180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a3d8908d0328f22022-01-05 10:05:29.223root 11241100x80000000000000006967181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50427586656cb142022-01-05 10:05:29.224root 11241100x80000000000000006967182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb64f88303f7fc92022-01-05 10:05:29.224root 11241100x80000000000000006967183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1a2a7d3ac4cc892022-01-05 10:05:29.224root 11241100x80000000000000006967184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaf5e203548cf812022-01-05 10:05:29.224root 11241100x80000000000000006967185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c510cfded8d23902022-01-05 10:05:29.224root 11241100x80000000000000006967186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f46a3e022328412022-01-05 10:05:29.224root 11241100x80000000000000006967187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908c95b312bf2bde2022-01-05 10:05:29.224root 11241100x80000000000000006967188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4c7517570d6b9a2022-01-05 10:05:29.224root 11241100x80000000000000006967189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b967dce1719b342022-01-05 10:05:29.225root 11241100x80000000000000006967190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af838f1a0584585e2022-01-05 10:05:29.225root 11241100x80000000000000006967191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72592e1d0916e692022-01-05 10:05:29.225root 11241100x80000000000000006967192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bffae5dc761dae52022-01-05 10:05:29.225root 11241100x80000000000000006967193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62695a0d90956fda2022-01-05 10:05:29.225root 11241100x80000000000000006967194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64067bda8e6e7092022-01-05 10:05:29.225root 11241100x80000000000000006967195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f122bdd2fa25fa212022-01-05 10:05:29.225root 11241100x80000000000000006967196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad1158557385d242022-01-05 10:05:29.225root 11241100x80000000000000006967197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad805f230315c4f2022-01-05 10:05:29.225root 11241100x80000000000000006967198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd997c544d5bd862022-01-05 10:05:29.226root 11241100x80000000000000006967199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf21a87443d060682022-01-05 10:05:29.226root 11241100x80000000000000006967200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62e5564514a23272022-01-05 10:05:29.226root 11241100x80000000000000006967201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a287b13d41270daf2022-01-05 10:05:29.226root 11241100x80000000000000006967202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad826832e5f311d2022-01-05 10:05:29.226root 11241100x80000000000000006967203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5daa73436eb7492022-01-05 10:05:29.226root 11241100x80000000000000006967204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395d47fd5eeeebb82022-01-05 10:05:29.226root 11241100x80000000000000006967205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86518974b04850d02022-01-05 10:05:29.227root 11241100x80000000000000006967206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ec7e468e366c0f2022-01-05 10:05:29.227root 11241100x80000000000000006967207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b3355a82f689da2022-01-05 10:05:29.227root 11241100x80000000000000006967208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e0fe2e22dab5e32022-01-05 10:05:29.709root 11241100x80000000000000006967209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5334b524848aee02022-01-05 10:05:29.709root 11241100x80000000000000006967210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d6409c114c54372022-01-05 10:05:29.709root 11241100x80000000000000006967211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e75f61bcfeb851d2022-01-05 10:05:29.709root 11241100x80000000000000006967212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949c58d10d8fd3702022-01-05 10:05:29.709root 11241100x80000000000000006967213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217924ddc1d868ea2022-01-05 10:05:29.710root 11241100x80000000000000006967214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69c55658f1f807d2022-01-05 10:05:29.710root 11241100x80000000000000006967215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a643944c3e84932022-01-05 10:05:29.710root 11241100x80000000000000006967216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515b571aed51b0cf2022-01-05 10:05:29.710root 11241100x80000000000000006967217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9303a29a0927442022-01-05 10:05:29.711root 11241100x80000000000000006967218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8724bd712388f62022-01-05 10:05:29.711root 11241100x80000000000000006967219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8241b47f338525742022-01-05 10:05:29.711root 11241100x80000000000000006967220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d7e00e752113542022-01-05 10:05:29.711root 11241100x80000000000000006967221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265338768fd418002022-01-05 10:05:29.711root 11241100x80000000000000006967222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c7278e0c0f07b42022-01-05 10:05:29.711root 11241100x80000000000000006967223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0319f86b7c264bd2022-01-05 10:05:29.711root 11241100x80000000000000006967224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5ed4660b71d6a42022-01-05 10:05:29.711root 11241100x80000000000000006967225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9828d60f894f75552022-01-05 10:05:29.711root 11241100x80000000000000006967226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcabfb2b5721b7ee2022-01-05 10:05:29.711root 11241100x80000000000000006967227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b46f7ec0bdc8fc72022-01-05 10:05:29.711root 11241100x80000000000000006967228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b03f713ea622b102022-01-05 10:05:29.712root 11241100x80000000000000006967229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0cfcb47b7280c82022-01-05 10:05:29.712root 11241100x80000000000000006967230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76af987a068577322022-01-05 10:05:29.712root 11241100x80000000000000006967231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1935785cd5d9692022-01-05 10:05:29.712root 11241100x80000000000000006967232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba76771e838e2692022-01-05 10:05:29.712root 11241100x80000000000000006967233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ba2604fea0b20e2022-01-05 10:05:29.712root 11241100x80000000000000006967234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9bd1bd9a91e1dc2022-01-05 10:05:29.712root 11241100x80000000000000006967235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605bcb9de96b5abb2022-01-05 10:05:29.712root 11241100x80000000000000006967236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59532db8c14d17e22022-01-05 10:05:29.713root 11241100x80000000000000006967237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669a678fe6d1f2ce2022-01-05 10:05:29.713root 11241100x80000000000000006967238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adefbd834ef22e972022-01-05 10:05:29.713root 11241100x80000000000000006967239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629a4480d862cc772022-01-05 10:05:29.714root 11241100x80000000000000006967240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e1d81b91861bf42022-01-05 10:05:29.714root 11241100x80000000000000006967241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503fc43aff3834472022-01-05 10:05:29.714root 11241100x80000000000000006967242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916a5dd699762c452022-01-05 10:05:29.714root 11241100x80000000000000006967243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58aaacc1d303bea2022-01-05 10:05:29.715root 11241100x80000000000000006967244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928d6fec7cd08c042022-01-05 10:05:29.715root 11241100x80000000000000006967245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aea45cf6b09ff242022-01-05 10:05:29.716root 11241100x80000000000000006967246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34aafe30e47b3282022-01-05 10:05:29.716root 11241100x80000000000000006967247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7ad6c90a493a3c2022-01-05 10:05:29.716root 11241100x80000000000000006967248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdfd3f3d3dfd1d62022-01-05 10:05:29.716root 11241100x80000000000000006967249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf650f0542d555382022-01-05 10:05:29.716root 11241100x80000000000000006967250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b288decb2e840f042022-01-05 10:05:29.716root 11241100x80000000000000006967251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ab2a40423e42802022-01-05 10:05:29.716root 11241100x80000000000000006967252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740c58459c39b0a12022-01-05 10:05:29.716root 11241100x80000000000000006967253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec7711c90253c822022-01-05 10:05:29.717root 11241100x80000000000000006967254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7950e488e0b7c0412022-01-05 10:05:29.717root 11241100x80000000000000006967255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f01bfd7406e3782022-01-05 10:05:29.717root 11241100x80000000000000006967256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e6d2d219878b1d2022-01-05 10:05:29.718root 11241100x80000000000000006967257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076ec732b88f97da2022-01-05 10:05:29.718root 11241100x80000000000000006967258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe612f69f4ab9192022-01-05 10:05:29.718root 11241100x80000000000000006967259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e60330f37c9d7a52022-01-05 10:05:29.718root 11241100x80000000000000006967260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848c34b4680346fe2022-01-05 10:05:29.718root 11241100x80000000000000006967261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3900abd5bde3be2022-01-05 10:05:29.718root 11241100x80000000000000006967262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367abaa45cef11292022-01-05 10:05:29.718root 11241100x80000000000000006967263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec31b3c20932c6b82022-01-05 10:05:29.719root 11241100x80000000000000006967264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7382d650ea277a2022-01-05 10:05:29.720root 11241100x80000000000000006967265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345ced56400f9cd72022-01-05 10:05:29.720root 11241100x80000000000000006967266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.721{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dbeeb291562c582022-01-05 10:05:29.721root 11241100x80000000000000006967267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.721{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677208e2c6b51aef2022-01-05 10:05:29.721root 11241100x80000000000000006967268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.721{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1074da84eb1aecd42022-01-05 10:05:29.721root 11241100x80000000000000006967269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.721{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8334f41fd402d72022-01-05 10:05:29.721root 11241100x80000000000000006967270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b833f52f5276db52022-01-05 10:05:29.722root 11241100x80000000000000006967271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a802a79ba10aee2a2022-01-05 10:05:29.722root 11241100x80000000000000006967272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d303eae3c8ed64f42022-01-05 10:05:29.722root 11241100x80000000000000006967273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5cb19164650dfa2022-01-05 10:05:29.722root 11241100x80000000000000006967274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e64b778359c3a92022-01-05 10:05:29.722root 11241100x80000000000000006967275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6805fdcf34f919172022-01-05 10:05:29.722root 11241100x80000000000000006967276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8be79f2fe1517142022-01-05 10:05:29.722root 11241100x80000000000000006967277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef381dceff41ee72022-01-05 10:05:29.722root 11241100x80000000000000006967278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03aba6b67be28cd2022-01-05 10:05:29.722root 11241100x80000000000000006967279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdf02046f4a22da2022-01-05 10:05:29.723root 11241100x80000000000000006967280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37cbd8c5e4bc2d02022-01-05 10:05:29.723root 11241100x80000000000000006967281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ea033b4a2481832022-01-05 10:05:29.723root 11241100x80000000000000006967282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793fb3b08916a9182022-01-05 10:05:29.723root 11241100x80000000000000006967283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf8b29190b8df952022-01-05 10:05:29.723root 11241100x80000000000000006967284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef55b27ae7a8f31a2022-01-05 10:05:29.723root 11241100x80000000000000006967285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c7adf85d1aadbf2022-01-05 10:05:29.723root 11241100x80000000000000006967286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12751c49fddb54f2022-01-05 10:05:29.723root 11241100x80000000000000006967287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6183f10f7ed107232022-01-05 10:05:29.726root 11241100x80000000000000006967288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0c29f201311eb42022-01-05 10:05:29.727root 11241100x80000000000000006967289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836b0aa3ac4362782022-01-05 10:05:29.727root 11241100x80000000000000006967290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f38bfd6c2c150722022-01-05 10:05:29.727root 11241100x80000000000000006967291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181ebf2036cd4b662022-01-05 10:05:29.727root 11241100x80000000000000006967292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:29.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c67426b982d40ca2022-01-05 10:05:29.727root 11241100x80000000000000006967293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4b9713be57cefa2022-01-05 10:05:30.209root 11241100x80000000000000006967294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b8a02a2a6599732022-01-05 10:05:30.210root 11241100x80000000000000006967295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7471e93f4fdeda392022-01-05 10:05:30.210root 11241100x80000000000000006967296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2550869b52e5432022-01-05 10:05:30.210root 11241100x80000000000000006967297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa6ad820718323e2022-01-05 10:05:30.210root 11241100x80000000000000006967298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2baab9a9131aef12022-01-05 10:05:30.210root 11241100x80000000000000006967299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34e9d82bb44ff0e2022-01-05 10:05:30.210root 11241100x80000000000000006967300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6719db9e34d4eed2022-01-05 10:05:30.211root 11241100x80000000000000006967301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d722fcbc302034782022-01-05 10:05:30.211root 11241100x80000000000000006967302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1965cd7dcab1b99d2022-01-05 10:05:30.211root 11241100x80000000000000006967303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af53b56f697aa1792022-01-05 10:05:30.211root 11241100x80000000000000006967304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5161c9c9c876b7d82022-01-05 10:05:30.211root 11241100x80000000000000006967305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e662b9d15ba8e972022-01-05 10:05:30.211root 11241100x80000000000000006967306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659d4b857fef8f672022-01-05 10:05:30.211root 11241100x80000000000000006967307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2000a27b81b1fbe2022-01-05 10:05:30.211root 11241100x80000000000000006967308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a365f9880a6cd042022-01-05 10:05:30.211root 11241100x80000000000000006967309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df48d43f02646c232022-01-05 10:05:30.211root 11241100x80000000000000006967310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21569c4f2507a6682022-01-05 10:05:30.211root 11241100x80000000000000006967311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e36b0ddce58c562022-01-05 10:05:30.211root 11241100x80000000000000006967312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873995b801a5c56e2022-01-05 10:05:30.211root 11241100x80000000000000006967313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174356350b23f5e72022-01-05 10:05:30.211root 11241100x80000000000000006967314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1badc316e81c032022-01-05 10:05:30.211root 11241100x80000000000000006967315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722a3e16c4ceead52022-01-05 10:05:30.211root 11241100x80000000000000006967316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72ae8dff300db262022-01-05 10:05:30.212root 11241100x80000000000000006967317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8085d71fd74768e2022-01-05 10:05:30.212root 11241100x80000000000000006967318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd74ce6738930542022-01-05 10:05:30.212root 11241100x80000000000000006967319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fac7e2864458802022-01-05 10:05:30.212root 11241100x80000000000000006967320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4344aef3ff581ac42022-01-05 10:05:30.212root 11241100x80000000000000006967321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6faa26411360ec2c2022-01-05 10:05:30.212root 11241100x80000000000000006967322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb1d8843d809a4a2022-01-05 10:05:30.212root 11241100x80000000000000006967323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539520a6bb631e062022-01-05 10:05:30.212root 11241100x80000000000000006967324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335c50d0d8ef246c2022-01-05 10:05:30.212root 11241100x80000000000000006967325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175e5992b77c9a7a2022-01-05 10:05:30.212root 11241100x80000000000000006967326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8275153f14a37a262022-01-05 10:05:30.212root 11241100x80000000000000006967327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3009fd1eba0d83cb2022-01-05 10:05:30.212root 11241100x80000000000000006967328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5791a4f4974f5262022-01-05 10:05:30.709root 11241100x80000000000000006967329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e78fe8187315542022-01-05 10:05:30.710root 11241100x80000000000000006967330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0292561eb5846d52022-01-05 10:05:30.710root 11241100x80000000000000006967331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c76001b3312f7942022-01-05 10:05:30.710root 11241100x80000000000000006967332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca59c3c686330642022-01-05 10:05:30.710root 11241100x80000000000000006967333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53280f828ff1b9152022-01-05 10:05:30.712root 11241100x80000000000000006967334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cb2b4242e9f2d22022-01-05 10:05:30.712root 11241100x80000000000000006967335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4294822e888e29202022-01-05 10:05:30.712root 11241100x80000000000000006967336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f8de51978498992022-01-05 10:05:30.712root 11241100x80000000000000006967337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1900c92d9519dc2022-01-05 10:05:30.712root 11241100x80000000000000006967338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced1b86fcc6510af2022-01-05 10:05:30.712root 11241100x80000000000000006967339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642006f104c126f02022-01-05 10:05:30.713root 11241100x80000000000000006967340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a5ebd318e9b92b2022-01-05 10:05:30.713root 11241100x80000000000000006967341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146d898f329df7fd2022-01-05 10:05:30.713root 11241100x80000000000000006967342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8f49bf9d3c333e2022-01-05 10:05:30.713root 11241100x80000000000000006967343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c723e61994aa612022-01-05 10:05:30.713root 11241100x80000000000000006967344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b292575ebbecae2c2022-01-05 10:05:30.713root 11241100x80000000000000006967345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b16fcba10b60ac92022-01-05 10:05:30.714root 11241100x80000000000000006967346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7eb1753d5b0ab52022-01-05 10:05:30.714root 11241100x80000000000000006967347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a238d429fb6594832022-01-05 10:05:30.714root 11241100x80000000000000006967348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60189c630a00d902022-01-05 10:05:30.714root 11241100x80000000000000006967349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321ba252723f0eab2022-01-05 10:05:30.714root 11241100x80000000000000006967350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e681974ed0faf3142022-01-05 10:05:30.714root 11241100x80000000000000006967351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4f7f311dfc1ab62022-01-05 10:05:30.714root 11241100x80000000000000006967352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b72499d79a593812022-01-05 10:05:30.714root 11241100x80000000000000006967353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366bffd90bf710e02022-01-05 10:05:30.714root 11241100x80000000000000006967354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f912fd03edf64ac2022-01-05 10:05:30.714root 11241100x80000000000000006967355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70cbcab540769fc2022-01-05 10:05:30.714root 11241100x80000000000000006967356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295899d5fbbe38582022-01-05 10:05:30.715root 11241100x80000000000000006967357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491141f37787266d2022-01-05 10:05:30.715root 11241100x80000000000000006967358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d38322b38f08f042022-01-05 10:05:30.715root 11241100x80000000000000006967359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:30.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bc6f7a7d9c7d142022-01-05 10:05:30.715root 11241100x80000000000000006967360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8116e10c508b5a212022-01-05 10:05:31.209root 11241100x80000000000000006967361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da1fe8152a07db12022-01-05 10:05:31.209root 11241100x80000000000000006967362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e65056bec0d4bc2022-01-05 10:05:31.210root 11241100x80000000000000006967363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fb9d21ac363d4f2022-01-05 10:05:31.210root 11241100x80000000000000006967364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04782fdf894c562f2022-01-05 10:05:31.210root 11241100x80000000000000006967365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b98d88246c29f62022-01-05 10:05:31.210root 11241100x80000000000000006967366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b91d645cd7df292022-01-05 10:05:31.210root 11241100x80000000000000006967367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f755b0b228ff467d2022-01-05 10:05:31.210root 11241100x80000000000000006967368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c078ed5ecbbe882022-01-05 10:05:31.210root 11241100x80000000000000006967369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32569beb40a5d4602022-01-05 10:05:31.210root 11241100x80000000000000006967370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c200d5ad83330a532022-01-05 10:05:31.210root 11241100x80000000000000006967371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc59b260caf24c252022-01-05 10:05:31.210root 11241100x80000000000000006967372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e06b59401940772022-01-05 10:05:31.210root 11241100x80000000000000006967373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42c37b74e6ee29c2022-01-05 10:05:31.210root 11241100x80000000000000006967374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f1eb6aff3cf4842022-01-05 10:05:31.210root 11241100x80000000000000006967375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c81417a9484ab22022-01-05 10:05:31.210root 11241100x80000000000000006967376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8d4a95517a52252022-01-05 10:05:31.210root 11241100x80000000000000006967377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6855edcf645aea9d2022-01-05 10:05:31.210root 11241100x80000000000000006967378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d374fd8cae3b392022-01-05 10:05:31.211root 11241100x80000000000000006967379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c521d645b1d7012022-01-05 10:05:31.211root 11241100x80000000000000006967380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e863a750f5b072e32022-01-05 10:05:31.211root 11241100x80000000000000006967381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18412aac707215072022-01-05 10:05:31.211root 11241100x80000000000000006967382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dea5590005c236a2022-01-05 10:05:31.211root 11241100x80000000000000006967383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7370595895233c5f2022-01-05 10:05:31.211root 11241100x80000000000000006967384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfe65d2b83db5852022-01-05 10:05:31.211root 11241100x80000000000000006967385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff3918e66aeb37d2022-01-05 10:05:31.211root 11241100x80000000000000006967386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c2940451a5cbf92022-01-05 10:05:31.211root 11241100x80000000000000006967387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671cdb707d772af52022-01-05 10:05:31.212root 11241100x80000000000000006967388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e761539d3b6a432022-01-05 10:05:31.212root 11241100x80000000000000006967389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c7602f026a8d772022-01-05 10:05:31.212root 11241100x80000000000000006967390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c39cd3704fe5e22022-01-05 10:05:31.709root 11241100x80000000000000006967391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aef46d388a6d122022-01-05 10:05:31.710root 11241100x80000000000000006967392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfd95e44012aed32022-01-05 10:05:31.710root 11241100x80000000000000006967393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e1e755e18bfb322022-01-05 10:05:31.710root 11241100x80000000000000006967394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2402f7c27ccfdda12022-01-05 10:05:31.710root 11241100x80000000000000006967395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681c5e77a3a8bc2f2022-01-05 10:05:31.710root 11241100x80000000000000006967396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f212fb34130d66652022-01-05 10:05:31.711root 11241100x80000000000000006967397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd15b72e6578b92e2022-01-05 10:05:31.711root 11241100x80000000000000006967398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06132343608224de2022-01-05 10:05:31.711root 11241100x80000000000000006967399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffeb8c8e2cb356322022-01-05 10:05:31.711root 11241100x80000000000000006967400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3212322ade730b02022-01-05 10:05:31.711root 11241100x80000000000000006967401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919da4a74f08cb042022-01-05 10:05:31.711root 11241100x80000000000000006967402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00096448916eccc02022-01-05 10:05:31.712root 11241100x80000000000000006967403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c324c5dcff7617532022-01-05 10:05:31.712root 11241100x80000000000000006967404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cf1b63d09cc4ff2022-01-05 10:05:31.712root 11241100x80000000000000006967405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e047eab64b9257792022-01-05 10:05:31.712root 11241100x80000000000000006967406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6a6a009ee99f842022-01-05 10:05:31.712root 11241100x80000000000000006967407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32f4ad8899378352022-01-05 10:05:31.712root 11241100x80000000000000006967408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df89b45da24332ef2022-01-05 10:05:31.712root 11241100x80000000000000006967409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8975b218ad22a32022-01-05 10:05:31.712root 11241100x80000000000000006967410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90867935ee6c43172022-01-05 10:05:31.712root 11241100x80000000000000006967411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822308987cb7ff772022-01-05 10:05:31.713root 11241100x80000000000000006967412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8b1a63f19e46282022-01-05 10:05:31.713root 11241100x80000000000000006967413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1375df8fdc018a592022-01-05 10:05:31.713root 11241100x80000000000000006967414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e7e5785b3120fd2022-01-05 10:05:31.713root 11241100x80000000000000006967415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506da87155a2aa462022-01-05 10:05:31.713root 11241100x80000000000000006967416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9610efa128a73e0a2022-01-05 10:05:31.713root 11241100x80000000000000006967417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684218e2a5cfdea92022-01-05 10:05:31.713root 11241100x80000000000000006967418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ceb9efb164a0e02022-01-05 10:05:31.713root 11241100x80000000000000006967419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a83eca831d4d9112022-01-05 10:05:31.713root 11241100x80000000000000006967420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2733620dd0ef6d452022-01-05 10:05:31.713root 11241100x80000000000000006967421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1285c2c16a6fce72022-01-05 10:05:31.713root 11241100x80000000000000006967422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7c755b1d899c5c2022-01-05 10:05:31.713root 11241100x80000000000000006967423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338f2ab252ff7edc2022-01-05 10:05:32.209root 11241100x80000000000000006967424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2110b5f0526626e82022-01-05 10:05:32.209root 11241100x80000000000000006967425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe1f76c5e92a2202022-01-05 10:05:32.209root 11241100x80000000000000006967426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ebe8fd3b1ec09c2022-01-05 10:05:32.209root 11241100x80000000000000006967427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01adf94b5e9ce4832022-01-05 10:05:32.209root 11241100x80000000000000006967428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabe1c5d2b187da22022-01-05 10:05:32.210root 11241100x80000000000000006967429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d6d4bf08ded31e2022-01-05 10:05:32.210root 11241100x80000000000000006967430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a84fdbdb9b20a422022-01-05 10:05:32.210root 11241100x80000000000000006967431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d57a8f55984f872022-01-05 10:05:32.210root 11241100x80000000000000006967432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e15858e0d2d01d2022-01-05 10:05:32.210root 11241100x80000000000000006967433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e53c3546c9493f92022-01-05 10:05:32.210root 11241100x80000000000000006967434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d946297b4204ed992022-01-05 10:05:32.210root 11241100x80000000000000006967435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3c44f7068ed2e42022-01-05 10:05:32.210root 11241100x80000000000000006967436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02003050d190c84a2022-01-05 10:05:32.210root 11241100x80000000000000006967437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e481d786c69b6f2022-01-05 10:05:32.210root 11241100x80000000000000006967438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4f5591d0ec3b142022-01-05 10:05:32.210root 11241100x80000000000000006967439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa5f6a76160d0142022-01-05 10:05:32.210root 11241100x80000000000000006967440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a774cf8130932692022-01-05 10:05:32.211root 11241100x80000000000000006967441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c58066d2e534062022-01-05 10:05:32.211root 11241100x80000000000000006967442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58de1499b25ddcee2022-01-05 10:05:32.211root 11241100x80000000000000006967443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d965d18395ee8042022-01-05 10:05:32.211root 11241100x80000000000000006967444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbd3b8708957e872022-01-05 10:05:32.211root 11241100x80000000000000006967445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022f6180bcab5f082022-01-05 10:05:32.212root 11241100x80000000000000006967446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1dd5a223cc0f732022-01-05 10:05:32.212root 11241100x80000000000000006967447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5cfcec6dba37d32022-01-05 10:05:32.212root 11241100x80000000000000006967448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28e6e81d0afa55b2022-01-05 10:05:32.212root 11241100x80000000000000006967449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cbb9af6be956d72022-01-05 10:05:32.212root 11241100x80000000000000006967450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1bb51550030e572022-01-05 10:05:32.212root 11241100x80000000000000006967451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8392c6da22c0ee2022-01-05 10:05:32.213root 11241100x80000000000000006967452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1719a5fcae0e302022-01-05 10:05:32.213root 11241100x80000000000000006967453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57564e39fc984c252022-01-05 10:05:32.213root 11241100x80000000000000006967454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbc09ae6c2829a92022-01-05 10:05:32.213root 11241100x80000000000000006967455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fc1a941244dfe62022-01-05 10:05:32.213root 11241100x80000000000000006967456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e03feecaeea0fbe2022-01-05 10:05:32.214root 11241100x80000000000000006967457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c5af4c2785c1f02022-01-05 10:05:32.214root 11241100x80000000000000006967458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753ae7a0917a27ed2022-01-05 10:05:32.214root 11241100x80000000000000006967459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324f4b5ce1b2e6012022-01-05 10:05:32.214root 11241100x80000000000000006967460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3514493a00c327c2022-01-05 10:05:32.214root 11241100x80000000000000006967461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f214b533c6a92cbe2022-01-05 10:05:32.215root 11241100x80000000000000006967462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621a33a5930ba22b2022-01-05 10:05:32.215root 11241100x80000000000000006967463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61efe083be8619d22022-01-05 10:05:32.215root 11241100x80000000000000006967464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79f909a50c0e1822022-01-05 10:05:32.216root 11241100x80000000000000006967465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e321ba60215ee2a2022-01-05 10:05:32.216root 11241100x80000000000000006967466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e630cf7b4352b29b2022-01-05 10:05:32.216root 11241100x80000000000000006967467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf5a8bb1443dc312022-01-05 10:05:32.217root 11241100x80000000000000006967468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4743ca6b728ae72022-01-05 10:05:32.217root 11241100x80000000000000006967469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a25d61a6ab0a2b2022-01-05 10:05:32.217root 11241100x80000000000000006967470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577fa0674092de6e2022-01-05 10:05:32.217root 23542300x80000000000000006967471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006967472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94be532a13ee076a2022-01-05 10:05:32.710root 11241100x80000000000000006967473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abbf414085a9f752022-01-05 10:05:32.710root 11241100x80000000000000006967474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a109f634d9b927df2022-01-05 10:05:32.711root 11241100x80000000000000006967475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5feec54fae12fa82022-01-05 10:05:32.711root 11241100x80000000000000006967476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a9e1cabcfd41d22022-01-05 10:05:32.711root 11241100x80000000000000006967477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7ae99e05053fc12022-01-05 10:05:32.711root 11241100x80000000000000006967478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568ace9c67c6fcd62022-01-05 10:05:32.711root 11241100x80000000000000006967479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32ffa95c07146cb2022-01-05 10:05:32.712root 11241100x80000000000000006967480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41957369103839732022-01-05 10:05:32.712root 11241100x80000000000000006967481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4e2259878e99fb2022-01-05 10:05:32.712root 11241100x80000000000000006967482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ec755979aadde12022-01-05 10:05:32.712root 11241100x80000000000000006967483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c610cd68259a26a92022-01-05 10:05:32.712root 11241100x80000000000000006967484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c614bae26fcdc42022-01-05 10:05:32.713root 11241100x80000000000000006967485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8144cb700cad4b952022-01-05 10:05:32.713root 11241100x80000000000000006967486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9747bc9a8c89f12022-01-05 10:05:32.713root 11241100x80000000000000006967487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcd72a64393d4662022-01-05 10:05:32.713root 11241100x80000000000000006967488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1695846802b6062022-01-05 10:05:32.713root 11241100x80000000000000006967489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e557439d929cc02022-01-05 10:05:32.714root 11241100x80000000000000006967490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ff0d5376715c9d2022-01-05 10:05:32.714root 11241100x80000000000000006967491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197c4c05c20faf9d2022-01-05 10:05:32.714root 11241100x80000000000000006967492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21b757fa88a3d5b2022-01-05 10:05:32.714root 11241100x80000000000000006967493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9303d4e336cd631b2022-01-05 10:05:32.715root 11241100x80000000000000006967494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4f3ac2b2ceebaf2022-01-05 10:05:32.715root 11241100x80000000000000006967495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3e29b0854b5fca2022-01-05 10:05:32.715root 11241100x80000000000000006967496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf74e7022cb4dce2022-01-05 10:05:32.715root 11241100x80000000000000006967497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4e01d274e8ccc92022-01-05 10:05:32.715root 11241100x80000000000000006967498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7938a7008d0ad92022-01-05 10:05:32.715root 11241100x80000000000000006967499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ff2d07b4ff0f492022-01-05 10:05:32.715root 11241100x80000000000000006967500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67be0d219a6187b2022-01-05 10:05:32.715root 11241100x80000000000000006967501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ef4ab84d86630c2022-01-05 10:05:32.715root 11241100x80000000000000006967502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:32.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e445d3d554fd74a72022-01-05 10:05:32.716root 11241100x80000000000000006967503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07e264b996a221f2022-01-05 10:05:33.209root 11241100x80000000000000006967504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449c2ee480c0386c2022-01-05 10:05:33.209root 11241100x80000000000000006967505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e923dee187ddcdf2022-01-05 10:05:33.210root 11241100x80000000000000006967506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e014bcccb065bd002022-01-05 10:05:33.210root 11241100x80000000000000006967507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b53023e18d74c962022-01-05 10:05:33.210root 11241100x80000000000000006967508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be441ebb6b6c3bae2022-01-05 10:05:33.210root 11241100x80000000000000006967509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c427014c983f3a02022-01-05 10:05:33.210root 11241100x80000000000000006967510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b5ea623231c2d32022-01-05 10:05:33.210root 11241100x80000000000000006967511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7ef821c3a454c72022-01-05 10:05:33.211root 11241100x80000000000000006967512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb29dd7b5b78de82022-01-05 10:05:33.211root 11241100x80000000000000006967513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb78ac9b94678502022-01-05 10:05:33.211root 11241100x80000000000000006967514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916fb0d757d69fc92022-01-05 10:05:33.211root 11241100x80000000000000006967515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4113f18f7bfe26e2022-01-05 10:05:33.212root 11241100x80000000000000006967516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3afe84753e33b82022-01-05 10:05:33.212root 11241100x80000000000000006967517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015845db0b89e1e32022-01-05 10:05:33.212root 11241100x80000000000000006967518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fa74fe458967272022-01-05 10:05:33.213root 11241100x80000000000000006967519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11e394324297efe2022-01-05 10:05:33.213root 11241100x80000000000000006967520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9d209bbe867e342022-01-05 10:05:33.213root 11241100x80000000000000006967521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d549b7ebbff0d7942022-01-05 10:05:33.214root 11241100x80000000000000006967522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc4c3411257f9642022-01-05 10:05:33.214root 11241100x80000000000000006967523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6888c123736ab42022-01-05 10:05:33.214root 11241100x80000000000000006967524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b83eb6b83898662022-01-05 10:05:33.214root 11241100x80000000000000006967525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290f0b3263c0ea542022-01-05 10:05:33.215root 11241100x80000000000000006967526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f056313185807e2022-01-05 10:05:33.216root 11241100x80000000000000006967527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7e44ff8eded4f72022-01-05 10:05:33.216root 11241100x80000000000000006967528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7e5749b175e8912022-01-05 10:05:33.216root 11241100x80000000000000006967529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e867d4d4a0bf1c2022-01-05 10:05:33.217root 11241100x80000000000000006967530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af58069a3bdb7f02022-01-05 10:05:33.217root 11241100x80000000000000006967531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6cbac9e9ccd59d2022-01-05 10:05:33.218root 11241100x80000000000000006967532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f57c571afcbc6d2022-01-05 10:05:33.218root 11241100x80000000000000006967533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63425d66e64576ba2022-01-05 10:05:33.218root 11241100x80000000000000006967534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fe20fdf7cdc0682022-01-05 10:05:33.218root 11241100x80000000000000006967535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899dcc0257fb61f82022-01-05 10:05:33.218root 11241100x80000000000000006967536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e832b92f530497262022-01-05 10:05:33.219root 11241100x80000000000000006967537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051586cb23b1cf172022-01-05 10:05:33.219root 11241100x80000000000000006967538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee88379b1b4e9f22022-01-05 10:05:33.219root 11241100x80000000000000006967539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39ff86bd0774f402022-01-05 10:05:33.219root 11241100x80000000000000006967540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d30aa38a27533e2022-01-05 10:05:33.219root 11241100x80000000000000006967541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a240418211110c2022-01-05 10:05:33.709root 11241100x80000000000000006967542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d6ca10b336651f2022-01-05 10:05:33.709root 11241100x80000000000000006967543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0b9642329ae6762022-01-05 10:05:33.709root 11241100x80000000000000006967544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd883a912bfc1e122022-01-05 10:05:33.710root 11241100x80000000000000006967545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c655bad7f99c7a2022-01-05 10:05:33.710root 11241100x80000000000000006967546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c068628fe91b761d2022-01-05 10:05:33.710root 11241100x80000000000000006967547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878c4fbf4e5de2122022-01-05 10:05:33.710root 11241100x80000000000000006967548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eda6c34b6f010e02022-01-05 10:05:33.710root 11241100x80000000000000006967549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9055a56f1f0dd3072022-01-05 10:05:33.710root 11241100x80000000000000006967550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb05595f509ad162022-01-05 10:05:33.710root 11241100x80000000000000006967551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fa8feffea960ca2022-01-05 10:05:33.710root 11241100x80000000000000006967552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046c224e5f09549f2022-01-05 10:05:33.710root 11241100x80000000000000006967553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10794d0f7f1de59f2022-01-05 10:05:33.710root 11241100x80000000000000006967554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe39a15e97f72362022-01-05 10:05:33.711root 11241100x80000000000000006967555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a93acf107e42622022-01-05 10:05:33.711root 11241100x80000000000000006967556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb0145189c40a152022-01-05 10:05:33.711root 11241100x80000000000000006967557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ba91f5433e74642022-01-05 10:05:33.712root 11241100x80000000000000006967558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f22ba309456dc332022-01-05 10:05:33.712root 11241100x80000000000000006967559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1be36aa9aeb3252022-01-05 10:05:33.712root 11241100x80000000000000006967560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc14828d8a741ff2022-01-05 10:05:33.712root 11241100x80000000000000006967561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f18b31ae8805ec12022-01-05 10:05:33.712root 11241100x80000000000000006967562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f72a31d4d69f0c02022-01-05 10:05:33.712root 11241100x80000000000000006967563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f61e9cbba61d6d12022-01-05 10:05:33.713root 11241100x80000000000000006967564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aece9fdfbbfc5ef2022-01-05 10:05:33.713root 11241100x80000000000000006967565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cd8d2bf75e22752022-01-05 10:05:33.713root 11241100x80000000000000006967566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56449154b1243ca82022-01-05 10:05:33.713root 11241100x80000000000000006967567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af08d89f031e01682022-01-05 10:05:33.713root 11241100x80000000000000006967568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb00d52dae5198b2022-01-05 10:05:33.714root 11241100x80000000000000006967569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46425558ef8ed88a2022-01-05 10:05:33.714root 11241100x80000000000000006967570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dd198a7812b9352022-01-05 10:05:33.714root 11241100x80000000000000006967571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20476463b5a039a2022-01-05 10:05:33.714root 11241100x80000000000000006967572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e88bea143a6b802022-01-05 10:05:33.714root 11241100x80000000000000006967573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb0519a2a8221f02022-01-05 10:05:33.715root 11241100x80000000000000006967574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ad0d2c0e617f0b2022-01-05 10:05:33.715root 11241100x80000000000000006967575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8727df51c3a5c72022-01-05 10:05:33.715root 11241100x80000000000000006967576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a301b7166fc3aa2022-01-05 10:05:33.715root 11241100x80000000000000006967577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f727c6995ef89cac2022-01-05 10:05:33.715root 11241100x80000000000000006967578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc12957c3e20dcb2022-01-05 10:05:33.716root 11241100x80000000000000006967579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f967e432fa3e3992022-01-05 10:05:33.716root 11241100x80000000000000006967580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d0f6eca958c03f2022-01-05 10:05:33.717root 11241100x80000000000000006967581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73173f9ec300ccd2022-01-05 10:05:33.717root 11241100x80000000000000006967582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ff8ae799ae16e82022-01-05 10:05:33.717root 11241100x80000000000000006967583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910acaba0a224d592022-01-05 10:05:33.717root 11241100x80000000000000006967584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2cdb95b04330bf2022-01-05 10:05:33.718root 354300x80000000000000006967585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:33.743{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42262-false10.0.1.12-8089- 354300x80000000000000006967586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.009{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41784-false10.0.1.12-8000- 11241100x80000000000000006967587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.010{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d153af496c9ad22022-01-05 10:05:34.010root 11241100x80000000000000006967588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.011{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e4e7b774ec6c272022-01-05 10:05:34.011root 11241100x80000000000000006967589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.011{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af229a56ccf96b8a2022-01-05 10:05:34.011root 11241100x80000000000000006967590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.011{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e82dd29ad828a3a2022-01-05 10:05:34.011root 11241100x80000000000000006967591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.011{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2873c7f6711fb61b2022-01-05 10:05:34.011root 11241100x80000000000000006967592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.011{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884e9d86231a03c12022-01-05 10:05:34.011root 11241100x80000000000000006967593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.011{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020c16262b34926c2022-01-05 10:05:34.011root 11241100x80000000000000006967594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.012{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0199613ac791a052022-01-05 10:05:34.012root 11241100x80000000000000006967595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.012{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f68d1b53738c282022-01-05 10:05:34.012root 11241100x80000000000000006967596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.012{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80659c4c1f1bc3472022-01-05 10:05:34.012root 11241100x80000000000000006967597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.012{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b63a097045666c42022-01-05 10:05:34.012root 11241100x80000000000000006967598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.012{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f572ea499753552022-01-05 10:05:34.012root 11241100x80000000000000006967599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.012{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a8f0ca28c6e03c2022-01-05 10:05:34.012root 11241100x80000000000000006967600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.013{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e95670bd302717b2022-01-05 10:05:34.013root 11241100x80000000000000006967601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.013{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cd01e220e8f77d2022-01-05 10:05:34.013root 11241100x80000000000000006967602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.013{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c6db7d0c2cd8d52022-01-05 10:05:34.013root 11241100x80000000000000006967603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.013{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1c3fda6bea6df02022-01-05 10:05:34.013root 11241100x80000000000000006967604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521f6c0aea806afd2022-01-05 10:05:34.014root 11241100x80000000000000006967605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8950c5abd4122c942022-01-05 10:05:34.014root 11241100x80000000000000006967606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d659fb6ebc8bbbd42022-01-05 10:05:34.014root 11241100x80000000000000006967607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcec0f8319d9733b2022-01-05 10:05:34.014root 11241100x80000000000000006967608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df3c4b4b816bddd2022-01-05 10:05:34.014root 11241100x80000000000000006967609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.015{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6aaff5f5d9f162d2022-01-05 10:05:34.015root 11241100x80000000000000006967610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.015{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c553d2bec204802022-01-05 10:05:34.015root 11241100x80000000000000006967611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.016{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4edb6149783c8f2022-01-05 10:05:34.016root 11241100x80000000000000006967612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.016{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c80273cdd8732b92022-01-05 10:05:34.016root 11241100x80000000000000006967613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.016{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a560008f50422f572022-01-05 10:05:34.016root 11241100x80000000000000006967614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.016{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd408ace53b3d3b2022-01-05 10:05:34.016root 11241100x80000000000000006967615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.016{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e80488d7ee527d92022-01-05 10:05:34.016root 11241100x80000000000000006967616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.017{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ac9036e598d7ad2022-01-05 10:05:34.017root 11241100x80000000000000006967617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.017{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc586f513ae97fd2022-01-05 10:05:34.017root 11241100x80000000000000006967618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.017{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9579baf35e73dcd32022-01-05 10:05:34.017root 11241100x80000000000000006967619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.018{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ab3eb0256c5efd2022-01-05 10:05:34.018root 11241100x80000000000000006967620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.019{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1093e3ff60adb3a52022-01-05 10:05:34.019root 11241100x80000000000000006967621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.020{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12129c6f69b3905a2022-01-05 10:05:34.020root 11241100x80000000000000006967622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.020{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ada02dd34b6dfc42022-01-05 10:05:34.020root 11241100x80000000000000006967623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.020{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f042a8ed9ce1af9a2022-01-05 10:05:34.020root 11241100x80000000000000006967624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.021{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f39606d10ca5ad42022-01-05 10:05:34.021root 11241100x80000000000000006967625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.021{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ab90d7e39bf0cb2022-01-05 10:05:34.021root 11241100x80000000000000006967626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.021{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbd4b83b5a7de2f2022-01-05 10:05:34.021root 11241100x80000000000000006967627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.022{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8849e0dc33ac66ca2022-01-05 10:05:34.022root 11241100x80000000000000006967628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.022{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6104e30088d80902022-01-05 10:05:34.022root 11241100x80000000000000006967629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.022{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e076a9c541916e2022-01-05 10:05:34.022root 11241100x80000000000000006967630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.023{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b683f25a4a553ec62022-01-05 10:05:34.023root 11241100x80000000000000006967631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.023{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850facc163e10f5b2022-01-05 10:05:34.023root 11241100x80000000000000006967632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.023{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21113486937012422022-01-05 10:05:34.023root 11241100x80000000000000006967633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f73e4b1c3bc5fe2022-01-05 10:05:34.024root 11241100x80000000000000006967634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5597cdcd1a86c222022-01-05 10:05:34.024root 11241100x80000000000000006967635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e68784c118061b2022-01-05 10:05:34.024root 11241100x80000000000000006967636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d612fcd7ab585c0a2022-01-05 10:05:34.024root 11241100x80000000000000006967637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52daf9b1aefab2ea2022-01-05 10:05:34.025root 11241100x80000000000000006967638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38adda2b8969d5542022-01-05 10:05:34.025root 11241100x80000000000000006967639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0762ff9edac46462022-01-05 10:05:34.025root 11241100x80000000000000006967640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcaa3248b47c5c92022-01-05 10:05:34.025root 11241100x80000000000000006967641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c725088d71b5b5342022-01-05 10:05:34.459root 11241100x80000000000000006967642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6b19bc9e727c8a2022-01-05 10:05:34.459root 11241100x80000000000000006967643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736be2ea2ca969462022-01-05 10:05:34.459root 11241100x80000000000000006967644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a326ca1472c3a5212022-01-05 10:05:34.459root 11241100x80000000000000006967645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82026b07b8a7a38b2022-01-05 10:05:34.459root 11241100x80000000000000006967646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1eeff92c6a25d822022-01-05 10:05:34.460root 11241100x80000000000000006967647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad0a52c227236ef2022-01-05 10:05:34.460root 11241100x80000000000000006967648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bef13f57f8922472022-01-05 10:05:34.460root 11241100x80000000000000006967649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aa400e25932b5d2022-01-05 10:05:34.460root 11241100x80000000000000006967650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f3a0cd84d2e69a2022-01-05 10:05:34.460root 11241100x80000000000000006967651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e832c2601558b02022-01-05 10:05:34.460root 11241100x80000000000000006967652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7fd730d34263582022-01-05 10:05:34.460root 11241100x80000000000000006967653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3d72e270e3893d2022-01-05 10:05:34.460root 11241100x80000000000000006967654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833b1561e3b730b22022-01-05 10:05:34.460root 11241100x80000000000000006967655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1760598c5532a3e2022-01-05 10:05:34.460root 11241100x80000000000000006967656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c470deadd965af2022-01-05 10:05:34.461root 11241100x80000000000000006967657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7302221225e17e272022-01-05 10:05:34.461root 11241100x80000000000000006967658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7a8b19c58e12372022-01-05 10:05:34.461root 11241100x80000000000000006967659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b43fb4032456eca2022-01-05 10:05:34.461root 11241100x80000000000000006967660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4ae5e9b62dd57a2022-01-05 10:05:34.461root 11241100x80000000000000006967661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807483466b786d0a2022-01-05 10:05:34.461root 11241100x80000000000000006967662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3c00fbebff5c1e2022-01-05 10:05:34.461root 11241100x80000000000000006967663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09706f5cc7caba3d2022-01-05 10:05:34.461root 11241100x80000000000000006967664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ffd00f7e3bcc322022-01-05 10:05:34.461root 11241100x80000000000000006967665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a618f5112e8fd9722022-01-05 10:05:34.462root 11241100x80000000000000006967666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c84c50ef32a2a1a2022-01-05 10:05:34.462root 11241100x80000000000000006967667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295666eadffdc1a82022-01-05 10:05:34.462root 11241100x80000000000000006967668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583f35cc512170262022-01-05 10:05:34.462root 11241100x80000000000000006967669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05392ea6cfe2b9f2022-01-05 10:05:34.462root 11241100x80000000000000006967670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b787d718fe87dd92022-01-05 10:05:34.462root 11241100x80000000000000006967671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92130cfa6fa2b5762022-01-05 10:05:34.462root 11241100x80000000000000006967672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27978138489d38cd2022-01-05 10:05:34.462root 11241100x80000000000000006967673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069c4614cce673d42022-01-05 10:05:34.462root 11241100x80000000000000006967674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35d7ea935ea2f9f2022-01-05 10:05:34.463root 11241100x80000000000000006967675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6017948b3cd6892022-01-05 10:05:34.463root 11241100x80000000000000006967676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24d426e1606e2902022-01-05 10:05:34.463root 11241100x80000000000000006967677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e503185139b63cd42022-01-05 10:05:34.464root 11241100x80000000000000006967678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10539065873d45852022-01-05 10:05:34.464root 11241100x80000000000000006967679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef7ae5fef11ac2e2022-01-05 10:05:34.464root 11241100x80000000000000006967680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb20c0704eb7813e2022-01-05 10:05:34.464root 11241100x80000000000000006967681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f625778c16cbf4792022-01-05 10:05:34.465root 11241100x80000000000000006967682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b20b5319a24a2d42022-01-05 10:05:34.465root 11241100x80000000000000006967683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a1ff25f6fe4e232022-01-05 10:05:34.465root 11241100x80000000000000006967684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634018794e3a2b8a2022-01-05 10:05:34.465root 11241100x80000000000000006967685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc1c069507bfb0f2022-01-05 10:05:34.466root 11241100x80000000000000006967686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44975edffb330dc2022-01-05 10:05:34.466root 11241100x80000000000000006967687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79849c6c579b0752022-01-05 10:05:34.466root 11241100x80000000000000006967688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94947019ec0b2a642022-01-05 10:05:34.466root 11241100x80000000000000006967689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b442aa7bc90c9052022-01-05 10:05:34.466root 11241100x80000000000000006967690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3985f8ce6f4a49312022-01-05 10:05:34.960root 11241100x80000000000000006967691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8425f8b89509992022-01-05 10:05:34.960root 11241100x80000000000000006967692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e16b0fd84484f62022-01-05 10:05:34.960root 11241100x80000000000000006967693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7362c3424d73b4402022-01-05 10:05:34.960root 11241100x80000000000000006967694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1dc5d6705cb6722022-01-05 10:05:34.960root 11241100x80000000000000006967695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e673fbcf69ee532022-01-05 10:05:34.960root 11241100x80000000000000006967696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81aed85c3575b4102022-01-05 10:05:34.961root 11241100x80000000000000006967697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b2772f7400dfb22022-01-05 10:05:34.961root 11241100x80000000000000006967698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1dd357e76295352022-01-05 10:05:34.961root 11241100x80000000000000006967699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f0eb39086860a52022-01-05 10:05:34.961root 11241100x80000000000000006967700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758e70b187b1e0c32022-01-05 10:05:34.961root 11241100x80000000000000006967701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6623400dbd261a92022-01-05 10:05:34.961root 11241100x80000000000000006967702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639a83713f6fda402022-01-05 10:05:34.961root 11241100x80000000000000006967703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6425527db988d2242022-01-05 10:05:34.961root 11241100x80000000000000006967704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bc3786c370af182022-01-05 10:05:34.961root 11241100x80000000000000006967705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fb01226cc4f0002022-01-05 10:05:34.961root 11241100x80000000000000006967706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8950ea54635e30022022-01-05 10:05:34.961root 11241100x80000000000000006967707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2613f3f7d7d6152d2022-01-05 10:05:34.961root 11241100x80000000000000006967708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7890963ce2873642022-01-05 10:05:34.961root 11241100x80000000000000006967709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bcba2d98aa49702022-01-05 10:05:34.961root 11241100x80000000000000006967710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f679757276d7b8a42022-01-05 10:05:34.962root 11241100x80000000000000006967711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51616eef390b4e212022-01-05 10:05:34.962root 11241100x80000000000000006967712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a909846e3f5e31942022-01-05 10:05:34.962root 11241100x80000000000000006967713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52bc90b94c80f792022-01-05 10:05:34.962root 11241100x80000000000000006967714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb16d80486432842022-01-05 10:05:34.962root 11241100x80000000000000006967715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7d32a9243c093e2022-01-05 10:05:34.962root 11241100x80000000000000006967716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c536625208d29e2022-01-05 10:05:34.962root 11241100x80000000000000006967717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f52296eddfb65722022-01-05 10:05:34.962root 11241100x80000000000000006967718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef528cad4ab729f2022-01-05 10:05:34.962root 11241100x80000000000000006967719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ff79c1e51c18cb2022-01-05 10:05:34.962root 11241100x80000000000000006967720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246eea81e590c4f72022-01-05 10:05:34.962root 11241100x80000000000000006967721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30a927089689ccb2022-01-05 10:05:34.962root 11241100x80000000000000006967722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ec8ead173a17642022-01-05 10:05:34.962root 11241100x80000000000000006967723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc318485598d7002022-01-05 10:05:35.460root 11241100x80000000000000006967724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d8b9e3520bffe32022-01-05 10:05:35.460root 11241100x80000000000000006967725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ed63f3abe2d2342022-01-05 10:05:35.460root 11241100x80000000000000006967726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d08cc58f50680b2022-01-05 10:05:35.460root 11241100x80000000000000006967727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6ed2c4ce1045ac2022-01-05 10:05:35.460root 11241100x80000000000000006967728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb4565481c5774b2022-01-05 10:05:35.460root 11241100x80000000000000006967729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd62b65fcbdb745f2022-01-05 10:05:35.460root 11241100x80000000000000006967730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce304306a7d19e6b2022-01-05 10:05:35.460root 11241100x80000000000000006967731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887d735683315c862022-01-05 10:05:35.460root 11241100x80000000000000006967732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd034e7a33f384192022-01-05 10:05:35.460root 11241100x80000000000000006967733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffed98f6aba405fa2022-01-05 10:05:35.460root 11241100x80000000000000006967734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03946d9475f81e92022-01-05 10:05:35.460root 11241100x80000000000000006967735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c890c1fde0cd9972022-01-05 10:05:35.460root 11241100x80000000000000006967736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5036e1dd46dbf9852022-01-05 10:05:35.461root 11241100x80000000000000006967737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1b31827d3256ca2022-01-05 10:05:35.461root 11241100x80000000000000006967738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae3fa0cc232d8e82022-01-05 10:05:35.461root 11241100x80000000000000006967739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020b5f03e9f2edf42022-01-05 10:05:35.461root 11241100x80000000000000006967740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7842338cb8d280b2022-01-05 10:05:35.461root 11241100x80000000000000006967741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f8b423cafa02b92022-01-05 10:05:35.461root 11241100x80000000000000006967742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fee46c914ad4c942022-01-05 10:05:35.461root 11241100x80000000000000006967743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ccc61fe785e60a42022-01-05 10:05:35.461root 11241100x80000000000000006967744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20465992b470bf3b2022-01-05 10:05:35.461root 11241100x80000000000000006967745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d5c9d38b06b2ae2022-01-05 10:05:35.461root 11241100x80000000000000006967746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc34f65824e50612022-01-05 10:05:35.461root 11241100x80000000000000006967747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9680a6446e10a6d2022-01-05 10:05:35.461root 11241100x80000000000000006967748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b6e440242083612022-01-05 10:05:35.461root 11241100x80000000000000006967749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce95d74705d9e2eb2022-01-05 10:05:35.461root 11241100x80000000000000006967750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e23ee5771601e42022-01-05 10:05:35.462root 11241100x80000000000000006967751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b516d56303220f7e2022-01-05 10:05:35.462root 11241100x80000000000000006967752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74348e642da27fb32022-01-05 10:05:35.462root 11241100x80000000000000006967753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf664d03449243432022-01-05 10:05:35.462root 11241100x80000000000000006967754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2311a52344b3032022-01-05 10:05:35.462root 11241100x80000000000000006967755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41286dabe0dc4af42022-01-05 10:05:35.462root 11241100x80000000000000006967756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675818e018077ce32022-01-05 10:05:35.959root 11241100x80000000000000006967757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cadecb010fc2d402022-01-05 10:05:35.959root 11241100x80000000000000006967758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc22761b7a6bb802022-01-05 10:05:35.959root 11241100x80000000000000006967759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e90a2b6d003ea62022-01-05 10:05:35.959root 11241100x80000000000000006967760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165336cce3a77f0e2022-01-05 10:05:35.959root 11241100x80000000000000006967761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76130cc99abd37452022-01-05 10:05:35.959root 11241100x80000000000000006967762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68271b9a836ad1512022-01-05 10:05:35.959root 11241100x80000000000000006967763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99918d15210155512022-01-05 10:05:35.959root 11241100x80000000000000006967764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2714134c186bf98f2022-01-05 10:05:35.960root 11241100x80000000000000006967765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ce5f88da1ca7cc2022-01-05 10:05:35.960root 11241100x80000000000000006967766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cbf544018887df2022-01-05 10:05:35.960root 11241100x80000000000000006967767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b085c203be3080e72022-01-05 10:05:35.960root 11241100x80000000000000006967768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e7c76362dea7cc2022-01-05 10:05:35.960root 11241100x80000000000000006967769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acb9f78415d095c2022-01-05 10:05:35.960root 11241100x80000000000000006967770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376d8d175d30fccd2022-01-05 10:05:35.960root 11241100x80000000000000006967771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a89377c0ed86552022-01-05 10:05:35.960root 11241100x80000000000000006967772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89427713da4f8bf82022-01-05 10:05:35.960root 11241100x80000000000000006967773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06003349ae171402022-01-05 10:05:35.960root 11241100x80000000000000006967774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816c52618d63cc182022-01-05 10:05:35.960root 11241100x80000000000000006967775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a283170a905f409b2022-01-05 10:05:35.960root 11241100x80000000000000006967776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1651169d4aadf3da2022-01-05 10:05:35.960root 11241100x80000000000000006967777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab98f7830a82d3f2022-01-05 10:05:35.960root 11241100x80000000000000006967778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b000d01895d744482022-01-05 10:05:35.960root 11241100x80000000000000006967779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff56959f955f16c2022-01-05 10:05:35.961root 11241100x80000000000000006967780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948cba023141c7cf2022-01-05 10:05:35.961root 11241100x80000000000000006967781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780230945d526ab12022-01-05 10:05:35.961root 11241100x80000000000000006967782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd29c123fe9700712022-01-05 10:05:35.961root 11241100x80000000000000006967783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c788363cc31330952022-01-05 10:05:35.961root 11241100x80000000000000006967784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2435209a13441bae2022-01-05 10:05:35.961root 11241100x80000000000000006967785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1490ab987b91e1922022-01-05 10:05:35.961root 11241100x80000000000000006967786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc1ea0ea504a52e2022-01-05 10:05:35.961root 11241100x80000000000000006967787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d893bfc83c446aea2022-01-05 10:05:35.961root 11241100x80000000000000006967788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc14b467d8d6885c2022-01-05 10:05:35.961root 11241100x80000000000000006967789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd69d082523393102022-01-05 10:05:35.961root 11241100x80000000000000006967790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7383b28ecfd9472022-01-05 10:05:35.961root 11241100x80000000000000006967791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1737623104456252022-01-05 10:05:35.961root 11241100x80000000000000006967792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3808f47fb042b7bd2022-01-05 10:05:35.961root 11241100x80000000000000006967793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd8410d259395b92022-01-05 10:05:35.962root 11241100x80000000000000006967794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6332dec1a46ed852022-01-05 10:05:35.962root 11241100x80000000000000006967795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf434904baf9b5b2022-01-05 10:05:35.962root 11241100x80000000000000006967796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6a50f8814ba7a52022-01-05 10:05:35.962root 11241100x80000000000000006967797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8645d7dd5381f72022-01-05 10:05:35.962root 11241100x80000000000000006967798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5504dfc8347ac78c2022-01-05 10:05:35.962root 11241100x80000000000000006967799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70a6fbc890d1a142022-01-05 10:05:36.459root 11241100x80000000000000006967800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a78fc4ad89d0b562022-01-05 10:05:36.460root 11241100x80000000000000006967801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb1ee00c4128b292022-01-05 10:05:36.460root 11241100x80000000000000006967802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7725e4d4698ca4ab2022-01-05 10:05:36.460root 11241100x80000000000000006967803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73536859fa6ad8f82022-01-05 10:05:36.460root 11241100x80000000000000006967804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7501b5bc7b6ce2df2022-01-05 10:05:36.460root 11241100x80000000000000006967805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f518da241999ba82022-01-05 10:05:36.460root 11241100x80000000000000006967806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edf6928deb973172022-01-05 10:05:36.460root 11241100x80000000000000006967807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c27c8d1bb4d9f22022-01-05 10:05:36.460root 11241100x80000000000000006967808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef88cd13729be152022-01-05 10:05:36.460root 11241100x80000000000000006967809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a241780ef53483052022-01-05 10:05:36.460root 11241100x80000000000000006967810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d1095ef86843632022-01-05 10:05:36.460root 11241100x80000000000000006967811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787861cb19e3899f2022-01-05 10:05:36.460root 11241100x80000000000000006967812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3a262f2dbe01dd2022-01-05 10:05:36.461root 11241100x80000000000000006967813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86107187d511ca72022-01-05 10:05:36.461root 11241100x80000000000000006967814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d06c9e36f10d2932022-01-05 10:05:36.461root 11241100x80000000000000006967815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f122f4f7e6c64a532022-01-05 10:05:36.461root 11241100x80000000000000006967816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d37954129cc5ba2022-01-05 10:05:36.461root 11241100x80000000000000006967817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916efbc110af0c6a2022-01-05 10:05:36.461root 11241100x80000000000000006967818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac87acf6db5987792022-01-05 10:05:36.461root 11241100x80000000000000006967819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104ca0bf035d5bd82022-01-05 10:05:36.461root 11241100x80000000000000006967820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1515d8bb231814112022-01-05 10:05:36.461root 11241100x80000000000000006967821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd2ffbb1e558a102022-01-05 10:05:36.461root 11241100x80000000000000006967822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc09eb8dc66630b2022-01-05 10:05:36.461root 11241100x80000000000000006967823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bea78d738d8e83d2022-01-05 10:05:36.461root 11241100x80000000000000006967824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76d01eb947b8c522022-01-05 10:05:36.462root 11241100x80000000000000006967825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ce28f1c13c7c232022-01-05 10:05:36.462root 11241100x80000000000000006967826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d13992e6f118242022-01-05 10:05:36.462root 11241100x80000000000000006967827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1147756f5df77f052022-01-05 10:05:36.462root 11241100x80000000000000006967828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34d919548b611122022-01-05 10:05:36.462root 11241100x80000000000000006967829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bead94ef945923922022-01-05 10:05:36.462root 11241100x80000000000000006967830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7245a73673ac7cd2022-01-05 10:05:36.462root 11241100x80000000000000006967831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1281f318354a77f2022-01-05 10:05:36.462root 11241100x80000000000000006967832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa55d45919543de32022-01-05 10:05:36.462root 11241100x80000000000000006967833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a2a333a65ae1362022-01-05 10:05:36.462root 11241100x80000000000000006967834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780b6f418c12bcba2022-01-05 10:05:36.960root 11241100x80000000000000006967835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277e086d8e007eb02022-01-05 10:05:36.960root 11241100x80000000000000006967836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f148df130e1b57112022-01-05 10:05:36.960root 11241100x80000000000000006967837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9248b73ca099ec72022-01-05 10:05:36.960root 11241100x80000000000000006967838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3c6ea055baf3ae2022-01-05 10:05:36.960root 11241100x80000000000000006967839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b85bfdad031e352022-01-05 10:05:36.960root 11241100x80000000000000006967840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7eeb20933244612022-01-05 10:05:36.960root 11241100x80000000000000006967841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ddf44a6c0256652022-01-05 10:05:36.960root 11241100x80000000000000006967842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44793c61ea2737952022-01-05 10:05:36.960root 11241100x80000000000000006967843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b0b039550b2e312022-01-05 10:05:36.961root 11241100x80000000000000006967844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f001f497b0ab07a2022-01-05 10:05:36.961root 11241100x80000000000000006967845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b54425f48466542022-01-05 10:05:36.961root 11241100x80000000000000006967846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8775c3f362c0a72022-01-05 10:05:36.961root 11241100x80000000000000006967847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a802e2d97cb444832022-01-05 10:05:36.961root 11241100x80000000000000006967848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a4e494b916d8422022-01-05 10:05:36.961root 11241100x80000000000000006967849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a16730430d88ae2022-01-05 10:05:36.961root 11241100x80000000000000006967850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8b506dfc8beded2022-01-05 10:05:36.961root 11241100x80000000000000006967851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68b93debf126aa22022-01-05 10:05:36.961root 11241100x80000000000000006967852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4142b3f303c12e12022-01-05 10:05:36.961root 11241100x80000000000000006967853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33be583ba1b094da2022-01-05 10:05:36.961root 11241100x80000000000000006967854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cb915be6ca377e2022-01-05 10:05:36.961root 11241100x80000000000000006967855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f0f37771212fd82022-01-05 10:05:36.961root 11241100x80000000000000006967856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cb37dc80777e3d2022-01-05 10:05:36.961root 11241100x80000000000000006967857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f3f417c3cd9f4b2022-01-05 10:05:36.962root 11241100x80000000000000006967858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0006b7cc7011087d2022-01-05 10:05:36.962root 11241100x80000000000000006967859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8dc2857741b1122022-01-05 10:05:36.962root 11241100x80000000000000006967860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e442c8ed673fc32022-01-05 10:05:36.962root 11241100x80000000000000006967861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa1966ec16781652022-01-05 10:05:36.962root 11241100x80000000000000006967862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41d7d0491b654072022-01-05 10:05:36.962root 11241100x80000000000000006967863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6c24c783f4144a2022-01-05 10:05:36.962root 11241100x80000000000000006967864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fbf150fcf877242022-01-05 10:05:36.962root 11241100x80000000000000006967865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216589496a1db4a22022-01-05 10:05:36.962root 11241100x80000000000000006967866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dea67d2f6946ae32022-01-05 10:05:36.962root 11241100x80000000000000006967867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160fbd0fb95930eb2022-01-05 10:05:37.459root 11241100x80000000000000006967868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c070cd830d462c2022-01-05 10:05:37.459root 11241100x80000000000000006967869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a04de3e6ecf1c82022-01-05 10:05:37.459root 11241100x80000000000000006967870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49543091edac1172022-01-05 10:05:37.459root 11241100x80000000000000006967871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26943d7a18c7ca782022-01-05 10:05:37.460root 11241100x80000000000000006967872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a2bb805e971c8e2022-01-05 10:05:37.460root 11241100x80000000000000006967873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e7658e8bdd408a2022-01-05 10:05:37.460root 11241100x80000000000000006967874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd9e025197ff6a42022-01-05 10:05:37.460root 11241100x80000000000000006967875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af06ab230a8b6e462022-01-05 10:05:37.460root 11241100x80000000000000006967876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca7e19b44737aff2022-01-05 10:05:37.460root 11241100x80000000000000006967877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aade3249ef8b13b2022-01-05 10:05:37.460root 11241100x80000000000000006967878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28393240f397bfa52022-01-05 10:05:37.460root 11241100x80000000000000006967879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc353256c1b0d562022-01-05 10:05:37.460root 11241100x80000000000000006967880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be821f57e4b36162022-01-05 10:05:37.460root 11241100x80000000000000006967881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e3b3646a0c937b2022-01-05 10:05:37.460root 11241100x80000000000000006967882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e74cc6aeda33eae2022-01-05 10:05:37.460root 11241100x80000000000000006967883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4defec79ed22c1662022-01-05 10:05:37.460root 11241100x80000000000000006967884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf073d736e620dd2022-01-05 10:05:37.460root 11241100x80000000000000006967885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e89a370e6f428e2022-01-05 10:05:37.461root 11241100x80000000000000006967886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b778cd5ff78ec8ba2022-01-05 10:05:37.461root 11241100x80000000000000006967887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522f41c94bbfe1672022-01-05 10:05:37.461root 11241100x80000000000000006967888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e708dde0380c7302022-01-05 10:05:37.461root 11241100x80000000000000006967889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b32bbb0e672d7c72022-01-05 10:05:37.461root 11241100x80000000000000006967890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf0a564b90445a82022-01-05 10:05:37.461root 11241100x80000000000000006967891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cd53c4359a92f12022-01-05 10:05:37.461root 11241100x80000000000000006967892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce6d74d325bfc402022-01-05 10:05:37.461root 11241100x80000000000000006967893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1ad249ae60b70f2022-01-05 10:05:37.461root 11241100x80000000000000006967894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309112d12ab7f5d42022-01-05 10:05:37.461root 11241100x80000000000000006967895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432a5f3d07cd4f652022-01-05 10:05:37.461root 11241100x80000000000000006967896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6930c38a6aeaac6c2022-01-05 10:05:37.461root 11241100x80000000000000006967897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e79449849b59862022-01-05 10:05:37.461root 11241100x80000000000000006967898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb18651b2ef446782022-01-05 10:05:37.461root 11241100x80000000000000006967899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833828e0472848b72022-01-05 10:05:37.462root 11241100x80000000000000006967900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69c921808ad34c12022-01-05 10:05:37.462root 11241100x80000000000000006967901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fcfc9e32fa8eaa2022-01-05 10:05:37.462root 11241100x80000000000000006967902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c43e7f177c1c2e02022-01-05 10:05:37.462root 11241100x80000000000000006967903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce21340033d0bd482022-01-05 10:05:37.462root 11241100x80000000000000006967904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e10adcc9c0e58d2022-01-05 10:05:37.960root 11241100x80000000000000006967905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081d58c943f97d752022-01-05 10:05:37.960root 11241100x80000000000000006967906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3a15ca9f8be4342022-01-05 10:05:37.960root 11241100x80000000000000006967907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1747f8833ac7bc662022-01-05 10:05:37.960root 11241100x80000000000000006967908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab00d3848486a972022-01-05 10:05:37.960root 11241100x80000000000000006967909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66302ec29beec14e2022-01-05 10:05:37.960root 11241100x80000000000000006967910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cab211d1649fa262022-01-05 10:05:37.960root 11241100x80000000000000006967911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9beb6759c7c280442022-01-05 10:05:37.960root 11241100x80000000000000006967912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75430872058d634c2022-01-05 10:05:37.960root 11241100x80000000000000006967913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee400e82872ee6f2022-01-05 10:05:37.961root 11241100x80000000000000006967914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e0eff13dc8705c2022-01-05 10:05:37.961root 11241100x80000000000000006967915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036fab076b55c83c2022-01-05 10:05:37.961root 11241100x80000000000000006967916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567abf999096d14c2022-01-05 10:05:37.961root 11241100x80000000000000006967917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056a6a4151e93ec32022-01-05 10:05:37.961root 11241100x80000000000000006967918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d151685e9f3acb6b2022-01-05 10:05:37.961root 11241100x80000000000000006967919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75db5b7956b42cf2022-01-05 10:05:37.961root 11241100x80000000000000006967920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2265264e04b4e42022-01-05 10:05:37.961root 11241100x80000000000000006967921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450174419b61dd972022-01-05 10:05:37.961root 11241100x80000000000000006967922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d686b93df2a2a32022-01-05 10:05:37.961root 11241100x80000000000000006967923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dca42b82a6f6d392022-01-05 10:05:37.961root 11241100x80000000000000006967924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dce077e1e66af72022-01-05 10:05:37.961root 11241100x80000000000000006967925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2738a9bb1249ffa2022-01-05 10:05:37.961root 11241100x80000000000000006967926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfdf1235689f4612022-01-05 10:05:37.961root 11241100x80000000000000006967927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd116cd8233b71be2022-01-05 10:05:37.961root 11241100x80000000000000006967928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6c45349f45daaf2022-01-05 10:05:37.962root 11241100x80000000000000006967929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0571501ba8cfe67f2022-01-05 10:05:37.962root 11241100x80000000000000006967930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001d9ed2030a8b922022-01-05 10:05:37.962root 11241100x80000000000000006967931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4434ca1d05697e2022-01-05 10:05:37.962root 11241100x80000000000000006967932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b436ae2c1adcb7042022-01-05 10:05:37.962root 11241100x80000000000000006967933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77095d5098e7fe8f2022-01-05 10:05:37.962root 11241100x80000000000000006967934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d3a2e0d3f5129c2022-01-05 10:05:37.962root 11241100x80000000000000006967935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0342a160ab507c9f2022-01-05 10:05:37.962root 11241100x80000000000000006967936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfc90ec105fc15e2022-01-05 10:05:37.962root 11241100x80000000000000006967937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5191c52c9456f02022-01-05 10:05:37.962root 11241100x80000000000000006967938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d28268ae42a5a42022-01-05 10:05:38.460root 11241100x80000000000000006967939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c83b84865e1cb502022-01-05 10:05:38.460root 11241100x80000000000000006967940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f020fc04b0cfae132022-01-05 10:05:38.460root 11241100x80000000000000006967941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b656704f0791a192022-01-05 10:05:38.460root 11241100x80000000000000006967942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d3873558f6e8822022-01-05 10:05:38.460root 11241100x80000000000000006967943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2925a0b3337cbbff2022-01-05 10:05:38.460root 11241100x80000000000000006967944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3ad614cef45a4b2022-01-05 10:05:38.460root 11241100x80000000000000006967945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cf38a795f70c5e2022-01-05 10:05:38.460root 11241100x80000000000000006967946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05106dbec023df612022-01-05 10:05:38.461root 11241100x80000000000000006967947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ec1d41209123f72022-01-05 10:05:38.461root 11241100x80000000000000006967948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fca6104337840302022-01-05 10:05:38.461root 11241100x80000000000000006967949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1eec14be6071b82022-01-05 10:05:38.461root 11241100x80000000000000006967950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e66d78004b24962022-01-05 10:05:38.461root 11241100x80000000000000006967951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a4c136970621da2022-01-05 10:05:38.461root 11241100x80000000000000006967952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42276d5a95f209d42022-01-05 10:05:38.461root 11241100x80000000000000006967953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c0b4eca47269ad2022-01-05 10:05:38.461root 11241100x80000000000000006967954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69750bd8003e0ac72022-01-05 10:05:38.461root 11241100x80000000000000006967955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78c9b1b46f137832022-01-05 10:05:38.461root 11241100x80000000000000006967956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f023f9909005412022-01-05 10:05:38.461root 11241100x80000000000000006967957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d50a9afee6addce2022-01-05 10:05:38.461root 11241100x80000000000000006967958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ae0acea7af19412022-01-05 10:05:38.461root 11241100x80000000000000006967959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455f1cb050bcf3b12022-01-05 10:05:38.461root 11241100x80000000000000006967960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6c4109917dd9f72022-01-05 10:05:38.461root 11241100x80000000000000006967961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026d4e121b08911e2022-01-05 10:05:38.462root 11241100x80000000000000006967962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6084d443ec85d7762022-01-05 10:05:38.462root 11241100x80000000000000006967963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec28d17221b380bb2022-01-05 10:05:38.462root 11241100x80000000000000006967964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6e3742e3214e0f2022-01-05 10:05:38.462root 11241100x80000000000000006967965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210710072f4be9f42022-01-05 10:05:38.462root 11241100x80000000000000006967966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fbaf192e502efc2022-01-05 10:05:38.462root 11241100x80000000000000006967967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ba844429e6b75a2022-01-05 10:05:38.462root 11241100x80000000000000006967968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e10190ce6b9c122022-01-05 10:05:38.462root 11241100x80000000000000006967969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d6b2ce00476b4e2022-01-05 10:05:38.462root 11241100x80000000000000006967970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2274aacd6a285432022-01-05 10:05:38.462root 11241100x80000000000000006967971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c8570c3d09fd1d2022-01-05 10:05:38.959root 11241100x80000000000000006967972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d382ad292ccaa8c62022-01-05 10:05:38.960root 11241100x80000000000000006967973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f961f8b28338f092022-01-05 10:05:38.960root 11241100x80000000000000006967974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0ff3fc977262fd2022-01-05 10:05:38.960root 11241100x80000000000000006967975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eab19dd3f1ba0db2022-01-05 10:05:38.960root 11241100x80000000000000006967976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3195793cb3083d52022-01-05 10:05:38.960root 11241100x80000000000000006967977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569fed9670ac606c2022-01-05 10:05:38.960root 11241100x80000000000000006967978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4067ac274bd3be2022-01-05 10:05:38.960root 11241100x80000000000000006967979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71877f35d69bdfab2022-01-05 10:05:38.960root 11241100x80000000000000006967980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380fb6410b44b4002022-01-05 10:05:38.960root 11241100x80000000000000006967981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f44b023d7d7c462022-01-05 10:05:38.960root 11241100x80000000000000006967982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db92d6f13694cae2022-01-05 10:05:38.960root 11241100x80000000000000006967983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fe6d8d132f0cc32022-01-05 10:05:38.960root 11241100x80000000000000006967984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2c730c6163e42b2022-01-05 10:05:38.961root 11241100x80000000000000006967985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6b1b30df1f5e742022-01-05 10:05:38.961root 11241100x80000000000000006967986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7876700aac44b92022-01-05 10:05:38.961root 11241100x80000000000000006967987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993cbfdaacf469f62022-01-05 10:05:38.961root 11241100x80000000000000006967988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a9cd651dc99b532022-01-05 10:05:38.961root 11241100x80000000000000006967989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08e01b863e268772022-01-05 10:05:38.961root 11241100x80000000000000006967990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8906d554a7b569582022-01-05 10:05:38.961root 11241100x80000000000000006967991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8062571f86c61fd32022-01-05 10:05:38.961root 11241100x80000000000000006967992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbed812784972cf2022-01-05 10:05:38.961root 11241100x80000000000000006967993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa010306388910072022-01-05 10:05:38.962root 11241100x80000000000000006967994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3aaeaea0f9a62fe2022-01-05 10:05:38.962root 11241100x80000000000000006967995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fad2abe9970b3ff2022-01-05 10:05:38.962root 11241100x80000000000000006967996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bf87ed9028c78d2022-01-05 10:05:38.962root 11241100x80000000000000006967997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b853586d36d251432022-01-05 10:05:38.962root 11241100x80000000000000006967998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b468a25793fe64a2022-01-05 10:05:38.962root 11241100x80000000000000006967999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156b39413e0c53b92022-01-05 10:05:38.962root 11241100x80000000000000006968000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00eb97bb945ac5f52022-01-05 10:05:38.962root 11241100x80000000000000006968001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386a418b6c0decd62022-01-05 10:05:38.962root 11241100x80000000000000006968002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d4a7d05467f7f92022-01-05 10:05:38.962root 11241100x80000000000000006968003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e19c77c1787ff12022-01-05 10:05:38.962root 11241100x80000000000000006968004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4f261a9d2a028c2022-01-05 10:05:38.962root 11241100x80000000000000006968005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5620335cbed2182022-01-05 10:05:38.962root 11241100x80000000000000006968006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a299fbe56ef9d2732022-01-05 10:05:38.962root 11241100x80000000000000006968007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:05:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5aa7a742b5fe742022-01-05 10:05:38.963root